Windows Analysis Report
nmy4mJXEaz.exe

Overview

General Information

Sample name: nmy4mJXEaz.exe
renamed because original name is a hash value
Original sample name: e9f4f5b56fea82ed8a63d8d31a25f17d.exe
Analysis ID: 1575336
MD5: e9f4f5b56fea82ed8a63d8d31a25f17d
SHA1: f2bef840a55118cd7a4f8ccf6182efa58db58fe8
SHA256: b1b159e551802a83f91b224af4f670f3ee6e8ebe28f115d19620dfa51dc75e26
Tags: exe, user-abuse_ch
Infos:

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • nmy4mJXEaz.exe (PID: 6824 cmdline: "C:\Users\user\Desktop\nmy4mJXEaz.exe" MD5: E9F4F5B56FEA82ED8A63D8D31A25F17D)
    • taskkill.exe (PID: 6844 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6172 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3488 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5780 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6552 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7104 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7052 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4268 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89cf5a61-b060-41ad-8a73-6666f1ddae83} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208ac66d510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7572 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1276 -parentBuildID 20230927232528 -prefsHandle 2948 -prefMapHandle 4064 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bcb05e-5b67-4f17-9cc9-6af984da76a6} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be87a110 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8176 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5292 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc27d761-b0e0-48a4-b8c9-74e9c7a8b21f} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be4c4710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: nmy4mJXEaz.exe PID: 6824 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: nmy4mJXEaz.exe, Avira: detected
    Source: nmy4mJXEaz.exe, Virustotal: Detection: 31%
    Source: nmy4mJXEaz.exe, ReversingLabs: Detection: 31%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.2% probability
    Source: nmy4mJXEaz.exe, Joe Sandbox ML: detected
    Source: nmy4mJXEaz.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49744 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49755 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49759 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49765 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49771 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49772 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49777 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49779 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49783 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49785 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49786 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49806 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49807 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49808 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50060 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50062 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50063 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50061 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1860773567.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.1858044254.00000208B9DB9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1859138360.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1860773567.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.1858044254.00000208B9DB9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1859514966.00000208C7A41000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1859138360.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1859514966.00000208C7A41000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00D9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D9DBBE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA68EE FindFirstFileW,FindClose,0_2_00DA68EE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00DA698F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00D9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D9D076
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00D9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D9D3A9
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00DA9642
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00DA979D
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00DA9B2B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DA5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00DA5C97
    Source: firefox.exe, Memory has grown: Private usage: 1MB later: 186MB
    Source: unknown, Network traffic detected: DNS query count 31
    Source: Joe Sandbox View, IP Address: 151.101.1.91
    Source: Joe Sandbox View, IP Address: 34.149.100.209
    Source: Joe Sandbox View, IP Address: 34.117.188.166
    Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe, Code function: 0_2_00DACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00DACE44
    Source: global traffic, HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
    Source: global traffic, HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1922853884.00000208C4D7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922975909.00000208C4D5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1922231964.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903045361.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1943345298.00000208C4DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1804660060.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804759547.00000208B9D76000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000D.00000003.1803229728.00000208B9D85000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804996606.00000208B9D85000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804660060.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1803184233.00000208B9D7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804759547.00000208B9D76000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1803424059.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804279608.00000208B9D85000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804936026.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000D.00000003.1804660060.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804759547.00000208B9D76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.1805770669.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1803229728.00000208B9D85000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804660060.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1803184233.00000208B9D7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806205447.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804759547.00000208B9D76000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805681105.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1806710032.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1803424059.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804279608.00000208B9D85000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804936026.00000208B9D9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1805728646.00000208B9D76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000D.00000003.1953944645.00000208BC88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948685271.00000208BDEC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854383281.00000208BE9A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954091930.00000208BC848000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854569349.00000208BE970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000D.00000003.1854383281.00000208BE9A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: mozilla-temp-41.13.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000D.00000003.1948853465.00000208BDD39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000D.00000003.1736856844.00000208BC43C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737161169.00000208BC477000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737012948.00000208BC45A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1735707814.00000208BC200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1736159957.00000208BC41F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000D.00000003.1852000333.00000208BF0D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000D.00000003.1944045455.00000208C44B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933333224.00000208BE1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951562611.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000D.00000003.1778018639.00000208BEABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000D.00000003.1853076828.00000208BEE6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1884816187.00000208BE56E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000D.00000003.1950341937.00000208BD8E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950341937.00000208BD8BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950341937.00000208BD871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000D.00000003.1955216906.00000208C6350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000D.00000003.1841756742.00000208C76C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.1842466472.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955010027.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775860540.00000208BFF5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1854788612.00000208BE4BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902603950.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928459585.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951562611.00000208C63BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000F.00000002.3559530399.0000027B5CDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED922EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3561992906.000001D7F1B04000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000F.00000002.3559530399.0000027B5CDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED922EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3561992906.000001D7F1B04000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1928732658.00000208C6328000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1848765768.00000208BFA85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000D.00000003.1848765768.00000208BFA85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000D.00000003.1848765768.00000208BFA85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000D.00000003.1848765768.00000208BFA85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1736856844.00000208BC43C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737161169.00000208BC477000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1737012948.00000208BC45A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1735707814.00000208BC200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1736159957.00000208BC41F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1846862679.00000208C4421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000D.00000003.1846862679.00000208C4421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1925116075.00000208BFF9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000F.00000002.3559530399.0000027B5CDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED922EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3561992906.000001D7F1B04000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000F.00000002.3559530399.0000027B5CDC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED922EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3561992906.000001D7F1B04000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1844926550.00000208C4661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1844926550.00000208C4661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1955978633.00000208C4850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775860540.00000208BFF5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000D.00000003.1804660060.00000208B9D6B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804759547.00000208B9D76000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1804279608.00000208B9D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1938469428.00000208BE77A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ok.ru/
    Source: firefox.exe, 0000000D.00000003.1738608212.00000208BC033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1739264596.00000208BC01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1739475508.00000208BC033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000D.00000003.1792308438.00000208BE379000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791967150.00000208BE385000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792750708.00000208BE3A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792932386.00000208BE3E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
    Source: firefox.exe, 0000000D.00000003.1792308438.00000208BE379000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791967150.00000208BE385000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792750708.00000208BE3A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792932386.00000208BE3E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
    Source: firefox.exe, 0000000D.00000003.1738608212.00000208BC033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1739264596.00000208BC01D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1739475508.00000208BC033000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000D.00000003.1954132343.00000208B88B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1925116075.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000D.00000003.1854788612.00000208BE4BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000D.00000003.1922231964.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903045361.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1943345298.00000208C4DB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000D.00000003.1854788612.00000208BE4BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000D.00000003.1854788612.00000208BE4BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1954132343.00000208B88B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 0000000D.00000003.1736159957.00000208BC41F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1899590087.00000208BE02E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000D.00000003.1928732658.00000208C6350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955216906.00000208C6350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000D.00000003.1932873167.00000208BEB88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1932873167.00000208BEB88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1903045361.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1842833266.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1903045361.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000D.00000003.1775860540.00000208BFF5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000D.00000003.1943807332.00000208C44E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933333224.00000208BE1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925116075.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED92212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3558482051.000001D7F1913000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000D.00000003.1943807332.00000208C44E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.1844926550.00000208C4661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000D.00000003.1844926550.00000208C4661000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000D.00000003.1944856690.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1945296537.00000208BFAFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1848531411.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1775860540.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1848765768.00000208BFAFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933333224.00000208BE1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925116075.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED9229D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3558482051.000001D7F19F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000D.00000003.1950341937.00000208BD8E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000D.00000003.1950341937.00000208BD8E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950341937.00000208BD8BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950341937.00000208BD871000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000D.00000003.1951394959.00000208BC9F7000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.13.drString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1944986543.00000208BFC18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000D.00000003.1846223157.00000208C4C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/security-error
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49744 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49755 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49759 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49765 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49771 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49772 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49777 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49779 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:49781 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49783 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49785 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49806 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49807 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49808 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50060 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50062 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50063 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50061 version: TLS 1.2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00DAEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00DAED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D9A00B GetKeyboardState,SetKeyboardState

    System Summary

    Source: nmy4mJXEaz.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: nmy4mJXEaz.exe, 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001ED920DA0B7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_000001ED920F4B72 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D9D5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D9E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: String function: 00D4F9F2 appears 31 times
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: String function: 00D50A30 appears 46 times
    Source: nmy4mJXEaz.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal80.troj.evad.winEXE@34/39@73/12
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00DA37B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D910BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00DA51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D9D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00DA648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Code function: 0_2_00D342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3744:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6736:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6908:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:888:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2228:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: nmy4mJXEaz.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000D.00000003.1842466472.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1902603950.00000208C63BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1845537110.00000208C44B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1842308766.00000208C7609000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: nmy4mJXEaz.exe Virustotal: Detection: 31%
    Source: nmy4mJXEaz.exe ReversingLabs: Detection: 31%
    Source: unknown Process created: C:\Users\user\Desktop\nmy4mJXEaz.exe "C:\Users\user\Desktop\nmy4mJXEaz.exe"
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89cf5a61-b060-41ad-8a73-6666f1ddae83} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208ac66d510 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1276 -parentBuildID 20230927232528 -prefsHandle 2948 -prefMapHandle 4064 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bcb05e-5b67-4f17-9cc9-6af984da76a6} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be87a110 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5292 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc27d761-b0e0-48a4-b8c9-74e9c7a8b21f} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be4c4710 utility
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: nmy4mJXEaz.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000D.00000003.1860773567.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000D.00000003.1858044254.00000208B9DB9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000D.00000003.1859138360.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000D.00000003.1860773567.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000D.00000003.1858044254.00000208B9DB9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1859514966.00000208C7A41000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000D.00000003.1859138360.00000208B9DB3000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1859514966.00000208C7A41000.00000004.00000020.00020000.00000000.sdmp
    Source: nmy4mJXEaz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: nmy4mJXEaz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: nmy4mJXEaz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: nmy4mJXEaz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: nmy4mJXEaz.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D342DE
    Source: gmpopenh264.dll.tmp.13.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D50A76 push ecx; ret 0_2_00D50A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D4F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00D4F98E
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DC1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00DC1C41
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95263
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001ED920DA0B7 rdtsc 16_2_000001ED920DA0B7
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe API coverage: 3.9 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D9DBBE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA68EE FindFirstFileW,FindClose,0_2_00DA68EE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00DA698F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D9D076
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D9D3A9
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00DA9642
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00DA979D
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00DA9B2B
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DA5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00DA5C97
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D342DE
    Source: firefox.exe, 00000010.00000002.3562411547.000001ED927D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW|
    Source: firefox.exe, 0000000F.00000002.3557567926.0000027B5C7EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!w
    Source: firefox.exe, 00000010.00000002.3556637853.000001ED9202A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpl}
    Source: nmy4mJXEaz.exe, 00000000.00000002.1763734790.000000000107A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.3557567926.0000027B5C7EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3561739146.000001D7F1A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.3562896306.0000027B5CE19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000011.00000002.3556141926.000001D7F159A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp:
    Source: firefox.exe, 0000000F.00000002.3558223215.0000027B5C888000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3562411547.000001ED927D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_000001ED920DA0B7 rdtsc 16_2_000001ED920DA0B7
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DAEAA2 BlockInput,0_2_00DAEAA2
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D62622
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D342DE
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D54CE8 mov eax, dword ptr fs:[00000030h]0_2_00D54CE8
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D90B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D62622
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D5083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D5083F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D509D5 SetUnhandledExceptionFilter,0_2_00D509D5
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D50C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D50C21
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00D91201
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D72BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00D72BA5
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D9B226 SendInput,keybd_event,0_2_00D9B226
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DB22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00DB22DA
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D90B62
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D91663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00D91663
    Source: nmy4mJXEaz.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: nmy4mJXEaz.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D50698 cpuid 0_2_00D50698
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D8D21C GetLocalTime,0_2_00D8D21C
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D8D27A GetUserNameW,0_2_00D8D27A
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D6BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00D6BB6F
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00D342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D342DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: nmy4mJXEaz.exe PID: 6824, type: MEMORYSTR
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_81
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_XP
    Source: nmy4mJXEaz.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_XPe
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_VISTA
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_7
    Source: nmy4mJXEaz.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: nmy4mJXEaz.exe PID: 6824, type: MEMORYSTR
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DB1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00DB1204
    Source: C:\Users\user\Desktop\nmy4mJXEaz.exeCode function: 0_2_00DB1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00DB1806
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 2 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 2 Valid Accounts; 1 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 2 Process Injection
    Credential Access: 11 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 16 System Information Discovery; 131 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: 1 Archive Collected Data; 11 Input Capture; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: 2 Ingress Tool Transfer; 12 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
    [Behavior graph (ID: 1575336): sample nmy4mJXEaz.exe, start date 15/12/2024, architecture WINDOWS, score 80]

    Source | Detection | Scanner | Label | Link
    nmy4mJXEaz.exe | 32% | Virustotal | | Browse
    nmy4mJXEaz.exe | 32% | ReversingLabs | Win32.Ransomware.Generic |
    nmy4mJXEaz.exe | 100% | Avira | TR/ATRAPS.Gen |
    nmy4mJXEaz.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal | | Browse
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                          https://MD8.mozilla.org/1/mfirefox.exe, 0000000D.00000003.1948853465.00000208BDD39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842466472.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1928732658.00000208C6330000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000011.00000002.3558482051.000001D7F19C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://127.0.0.1:firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1798043030.00000208BD36E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1797409766.00000208BD36E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1899590087.00000208BE02E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://bugzilla.mofirefox.exe, 0000000D.00000003.1928732658.00000208C6328000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://amazon.comfirefox.exe, 0000000D.00000003.1933720385.00000208BE1B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000D.00000003.1950341937.00000208BD8E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.1932873167.00000208BEB88000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.1903045361.00000208C4DE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1922231964.00000208C4DE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1943345298.00000208C4DE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://spocs.getpocket.com/firefox.exe, 0000000D.00000003.1943807332.00000208C44E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1933333224.00000208BE1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1925116075.00000208BFFBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3558263883.000001ED92212000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3558482051.000001D7F1913000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1938469428.00000208BE77A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.13.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000D.00000003.1848765768.00000208BFA85000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1952542893.00000208BEE2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846630177.00000208C4448000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1851583412.00000208BFA43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944045455.00000208C4483000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931603178.00000208BEEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871842551.00000208C47C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1774052367.00000208C47C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1885168843.00000208BE3E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953944645.00000208BC88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1852619374.00000208BF07D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914379549.00000208BC407000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905907405.00000208BE366000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1914379549.00000208BC404000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1955216906.00000208C6330000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792308438.00000208BE379000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1871009620.00000208BFDC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1892169449.00000208BE2B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1851277113.00000208BFA69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1877458503.00000208BDFD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1853076828.00000208BEEDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1931603178.00000208BEE2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1852000333.00000208BF0D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1852831335.00000208BF057000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1852000333.00000208BF0D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://www.zhihu.com/firefox.exe, 0000000D.00000003.1938469428.00000208BE77A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1924755805.00000208C4489000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944045455.00000208C4489000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://x1.c.lencr.org/0firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://x1.i.lencr.org/0firefox.exe, 0000000D.00000003.1842374438.00000208C6A57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1842833266.00000208C4D15000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1773579614.00000208C4539000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1880247184.00000208C4538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1870365681.00000208C4532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000D.00000003.1844485373.00000208C4868000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://profiler.firefox.comfirefox.exe, 0000000F.00000002.3558071305.0000027B5C840000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3556977360.000001ED92060000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3557708569.000001D7F1680000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575336
Start date and time: 2024-12-15 09:31:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nmy4mJXEaz.exe (renamed because original name is a hash value)
Original Sample Name: e9f4f5b56fea82ed8a63d8d31a25f17d.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/39@73/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 49
• Number of non-executed functions: 295
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 44.228.225.150, 54.213.181.160, 35.85.93.176, 142.250.181.138, 142.250.181.106, 142.250.181.142, 88.221.134.209, 88.221.134.155, 23.218.208.109, 172.202.163.200, 13.107.246.63
                                                                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                          No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| 34.117.188.166 | 6eftz6UKDm.exe | malicious | Credential Flusher |
| | 6eftz6UKDm.exe | malicious | Credential Flusher |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar |
| 151.101.1.91 | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| 34.149.100.209 | 6eftz6UKDm.exe | malicious | Credential Flusher |
| | 6eftz6UKDm.exe | malicious | Credential Flusher |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |
| | file.exe | malicious | Credential Flusher |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| example.org | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14 |
| | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 93.184.215.14 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 93.184.215.14 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14 |
| | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 93.184.215.14 |
| | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 93.184.215.14 |
| star-mini.c10r.facebook.com | 6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.195.35 |
| | 6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.196.35 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 157.240.196.35 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 157.240.196.35 |
| | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 157.240.196.35 |
| | https://qr.me-qr.com/nl/sWBHqqwx | malicious | Unknown | 157.240.196.35 |
| | file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 157.240.196.35 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 157.240.196.35 |
| | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 157.240.196.35 |
| twitter.com | 6eftz6UKDm.exe | malicious | Credential Flusher | 104.244.42.65 |
| | 6eftz6UKDm.exe | malicious | Credential Flusher | 104.244.42.193 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.244.42.1 |
| | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 104.244.42.129 |
| | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | |
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                  FASTLYUS6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                  rebirth.arm5.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 104.156.89.37
                                                                                                                                                                                                                                                                                                                                  LaRHzSijsq.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                                                                                                                                  • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  3edTbzftGf.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                                                                                                                                                  • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                  c56uoWlDXp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                  PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.137
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                  GOOGLE-AS-APGoogleAsiaPacificPteLtdSG6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                  TRC.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.66.152.246
                                                                                                                                                                                                                                                                                                                                  ATGS-MMD-ASUS6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  rebirth.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 57.162.2.122
                                                                                                                                                                                                                                                                                                                                  rebirth.arm.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 48.105.135.114
                                                                                                                                                                                                                                                                                                                                  sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 48.183.87.136
                                                                                                                                                                                                                                                                                                                                  powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 33.54.211.134
                                                                                                                                                                                                                                                                                                                                  sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                  • 48.133.95.30
                                                                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                  fb0aa01abe9d8e4037eb3473ca6e2dca6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                  • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                  6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                  • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                  • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                  • 34.120.208.123
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 6eftz6UKDm.exe | malicious | Credential Flusher
 | 6eftz6UKDm.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 6eftz6UKDm.exe | malicious | Credential Flusher
 | 6eftz6UKDm.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
 | file.exe | malicious | Credential Flusher
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.180711728289999
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:HjMXD/IcbhbVbTbfbRbObtbyEl7nUr2JA6WnSrDtTUd/SkDrD:HYEcNhnzFSJ0r1BnSrDhUd/d
                                                                                                                                                                                                                                                                                                                                                                      MD5:A5F6EFEAE6FA188E0953DBB69F5E528D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9BA2F20B2CE37BA7FA81D2047A384D65F62452C9
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:86F2CA4816D6104CFCA39468221DAD85A476ACABBC2DB71B18359D4829449615
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D1C76F68D157635DE604E244A61E51BF171EF06F4AE759AE9E5744B7229392AC1F2274CDB9ABBED9223BF82372165C1BDB120D08BC051C3CD7621E1C593C2FD5
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"8a2666c8-3575-4968-9272-f81e9061aa9b","creationDate":"2024-12-15T10:32:30.093Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):490
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.246483341090937
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
                                                                                                                                                                                                                                                                                                                                                                      MD5:BD9751DFFFEFFA2154CC5913489ED58C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                      MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                      MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3174428088550196
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:Zdfw0A3TIUx2dWoM151LN8zmodfw0A3swM+bpoqdWoM151LFX1Rgm+dfw0A36lVw:ZdCcUgdwCz3dCQ6BdwuddCQadwc1
                                                                                                                                                                                                                                                                                                                                                                      MD5:806B05F94DA4FB15DF90AD3D5CBE8981
                                                                                                                                                                                                                                                                                                                                                                      SHA1:614C5B5C7ED3AF51C8253092CE01274903B12E0A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C3F8DD39F5CDF148E8C51FBE49FC78E1DDC133D1D12BEDBF9FBE455E6F2928
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A057DF5CDD36E44E20BDCAADDB953162777AF6D9BBED4A9EB5F9BD5A3BB8E657AEB0E8F938582B7DE1DB8E9618400641F4ACC22CC02FABD2558565CE84E6DD3B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F.@.. ...p.......!w...N..........S...........................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.I.Y.D....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.D............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.D..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........P.R......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3174428088550196
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:Zdfw0A3TIUx2dWoM151LN8zmodfw0A3swM+bpoqdWoM151LFX1Rgm+dfw0A36lVw:ZdCcUgdwCz3dCQ6BdwuddCQadwc1
                                                                                                                                                                                                                                                                                                                                                                      MD5:806B05F94DA4FB15DF90AD3D5CBE8981
                                                                                                                                                                                                                                                                                                                                                                      SHA1:614C5B5C7ED3AF51C8253092CE01274903B12E0A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C3F8DD39F5CDF148E8C51FBE49FC78E1DDC133D1D12BEDBF9FBE455E6F2928
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A057DF5CDD36E44E20BDCAADDB953162777AF6D9BBED4A9EB5F9BD5A3BB8E657AEB0E8F938582B7DE1DB8E9618400641F4ACC22CC02FABD2558565CE84E6DD3B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F.@.. ...p.......!w...N..........S...........................P.O. .:i.....+00.../C:\.....................1.....DW.V..PROGRA~1..t......O.I.Y.D....B...............J.....i...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y.D............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y.D..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........P.R......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.924085242065793
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNLaiY8P:8S+OBIUjOdwiOdYVjjwLaiY8P
                                                                                                                                                                                                                                                                                                                                                                      MD5:9E1EF31CCEED0E460BE11D9291614012
                                                                                                                                                                                                                                                                                                                                                                      SHA1:E5C6D472F14219DAEA6E9200B18932702161A0E3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E6B379C663628778D76B4C7EFE8F4D36E4D5F924F682FC9D33AC8827114DD154
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:92360072F24E76E04BE877F90C3677B5D38D5A419533A20F7AFABC0DF118C27F176C2EFE84141297223F70D9EDC2EBC6C48CC1D2B09678EC077795BE9BA439F4
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                      MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                                                                                                                                      SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.185924656884556
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                                                                                                                                                                                                                                                                                                                                      MD5:5656BA69BD2966108A461AAE35F60226
                                                                                                                                                                                                                                                                                                                                                                      SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                      • Filename: 6eftz6UKDm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.07332945695695665
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                                                                                                                                      MD5:CD48036553C4504BD510B82C3E4C55CD
                                                                                                                                                                                                                                                                                                                                                                      SHA1:40D5F27B40499FF244C2197487D092A06DD21826
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C25D8234EC1DA80BED81C7E062720429F68FFA81A9B704D68122C86D04EDCC76
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F6C8F4822322FA8074CE8BCE242F50D2757B5228B01B9FCE51CCFCE4804E4C8C707AD0FD416ADE601D11CC60721D9CC818D353A99D195909E46D5CA3C20FD8C8
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.038602922552608575
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:GHlhVB+1UOh6iRdMRolHlhVB+1UOh6iRdMJSl8a9//Ylll4llqlyllel4lt:G7VYeO66dV7VYeO66d7L9XIwlio
                                                                                                                                                                                                                                                                                                                                                                      MD5:6956AEFFD11854F0E59FEFCE9EE30128
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C154C667365109CDDE876DD58178F9D1F95EEE6E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:46CDC22E4C1E014CB6FA9CF7AFB6F0EB201E6C28BA67AD2B1D305BD116273765
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:BF65A34DD4E1B0C9F5E0CF0235499900B4440E8EBAA676BA2F8BF215B1FB40E2A7B9780C0B0C2FE4A33B0B94E10FC578DDAD432ABC596B41F5BBC8A3C3D8E491
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):163992
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.11782826905055457
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:Kl4e9jfksSLxsZ+EQjxsMltTAUCF2QWUCZ7CCQE/TKCbCMxsaxRmwlXiqVZ2i7+:4M9QSJtUnWdU+RVx1EAZk
                                                                                                                                                                                                                                                                                                                                                                      MD5:D997CA4911178F931142E2B509AFEDF6
                                                                                                                                                                                                                                                                                                                                                                      SHA1:007A0DB63B1A32222FB53871B650E864B629C356
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE9374213B38E0F3853F40111FF9423FD259CCB96227DD313543042869E95A9A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C99724FEE4FD09BF403D05816F5BE6DEC82DB763ACBC82190A01C290E064AFA0A3928DC0FE208026DCDA9E72BEB678552D59B3B93C9210F20428AE4A2055E7C4
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13254
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.494814282767926
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:ynaRtLYbBp6Thj4qyaaXom6KPeNy6D5RfGNBw8dwSl:3epqbwKn/cw70
                                                                                                                                                                                                                                                                                                                                                                      MD5:22FCF95A1FDA80D63C68B29720667DBF
                                                                                                                                                                                                                                                                                                                                                                      SHA1:81CA65D00A1B0466CCA41853A16499640E98A6D5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:EFC9C00FF871EC1C13BDB8CE5877372A033E2AD4113C128CEE40552B1975012A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:355E2A0A01BBF880F6E7FBFF21798BC6051E8B69B82EE7E5ED657B4FDD8C6CF04C4169B3F7A963317684B554D591F6B1F25ADC62C12CFE006CDEA0F7D567570C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734258720);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734258720);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734258720);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173425
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                                                                                                                                                                                                                                                                                                                                                      MD5:18F65713B07CB441E6A98655B726D098
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1574
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.33387072201183
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:v+USUGlcAxSqLXnIgU/pnxQwRlscT5sKt0h9U3eHVQj6TYDehujJlOsITmNVr0ay:GUpOx30nRf2U3eHTcTJlBquR4
                                                                                                                                                                                                                                                                                                                                                                      MD5:9898BADEC7181B840D511B474A550094
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F3919300359701BC1118CD1F40348AB070F88576
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:5BA57C25637E6EFA69FAB1C6E3445CED2465FD3B0BC8F55E9FEC2150B619EE5A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:7D43E3379211A98BADBDD42476434DF0D3CE7C8E961FEA93C4BE9BBB5F522BD0D70B17D274DC0BEAD45CEE0E986F8D5256937A33DEAEA5ABD5C31FD53BBE9CBF
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9d785db8-075f-48aa-9edc-249b4a511d9f}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734258727034,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758...dth":116....eight":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...Wm..l........j..:....1":{..jUpdate...5,"startTim..`690044...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....696314,"originA.
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                      MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                                      SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.034317892703228
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYL6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycLyTEr5QFRzzcMvbw6KkCrrc2Rn27
MD5:E92147E260E3E8F1A03B47A6A33C5E93
SHA1:341951E5A892F2E9FE257D3FB06D1FEECC04A78A
SHA-256:3CF1076FF409DC47F1BF6966CC226879BB267BE7ACD87837399D2222EC28E292
SHA-512:63E26B7C9CC0376B17AEB647FC564CCD9BADA0D60001665EA4EE599C2EEB3B916A2C42A205628A680724D900815D4390CD89CBEF7EEDBE20F8CBAAE705C4025F
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-15T10:31:47.416Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.034317892703228
Encrypted:false
SSDEEP:48:YrSAYL6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycLyTEr5QFRzzcMvbw6KkCrrc2Rn27
MD5:E92147E260E3E8F1A03B47A6A33C5E93
SHA1:341951E5A892F2E9FE257D3FB06D1FEECC04A78A
SHA-256:3CF1076FF409DC47F1BF6966CC226879BB267BE7ACD87837399D2222EC28E292
SHA-512:63E26B7C9CC0376B17AEB647FC564CCD9BADA0D60001665EA4EE599C2EEB3B916A2C42A205628A680724D900815D4390CD89CBEF7EEDBE20F8CBAAE705C4025F
Malicious:false

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.708471129092041
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:nmy4mJXEaz.exe
File size:972'800 bytes
MD5:e9f4f5b56fea82ed8a63d8d31a25f17d
SHA1:f2bef840a55118cd7a4f8ccf6182efa58db58fe8
SHA256:b1b159e551802a83f91b224af4f670f3ee6e8ebe28f115d19620dfa51dc75e26
SHA512:fd7ec916910d7008b94e528b98dcffe4df7d7d4d8a1bbfdcb85f2332066360da7ea3d8009495f0c460af60c3f7ea1c787a0df7c05aa323a8c9356f22957caa1b
SSDEEP:24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8aAxSba:GTvC/MTQYxsWR7aAkb
TLSH:5F25AE0273C1C062FF9B92334B5AF6515BBC69260123E62F13A81DB9BD705B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x675DDA2C [Sat Dec 14 19:19:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3

Instruction
call 00007FC8E86B58E3h
jmp 00007FC8E86B51EFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FC8E86B53CDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FC8E86B539Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                                                                                      mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                      add eax, 04h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007FC8E86B7F8Dh
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                                                                                                                                                      retn 0004h
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007FC8E86B7FD8h
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                                                                                      mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007FC8E86B7FC1h
                                                                                                                                                                                                                                                                                                                                                                      test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x16d88 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x16d88 | 0x16e00 | 894dd26a42089a2ca8e87bef456db87e | False | 0.7112043203551912 | data | 7.203528193939016 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9 |
| RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
| RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
                                                                                                                                                                                                                                                                                                                                                                      RT_STRING0xdb2540x490dataEnglishGreat Britain0.3715753424657534
                                                                                                                                                                                                                                                                                                                                                                      RT_STRING0xdb6e40x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                                                                                                                                                                      RT_STRING0xdbce00x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                                                                                                                                                                      RT_STRING0xdc33c0x466dataEnglishGreat Britain0.3605683836589698
                                                                                                                                                                                                                                                                                                                                                                      RT_STRING0xdc7a40x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                                                                                                                                                                                                                                                                                                      RT_RCDATA0xdc8fc0xdf0cdata1.0004553415061297
                                                                                                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0xea8080x76dataEnglishGreat Britain0.6610169491525424
                                                                                                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0xea8800x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0xea8940x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                                      RT_GROUP_ICON0xea8a80x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                      RT_VERSION0xea8bc0xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                                      RT_MANIFEST0xea9980x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.282432079 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.892911911 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.893258095 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.893357992 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.894196987 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.895426035 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:28.895466089 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.012792110 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.064966917 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.065023899 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.065609932 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.070070028 CET49743443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.070111036 CET4434974334.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.070662022 CET49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.070746899 CET4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.079277039 CET49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.079524994 CET49744443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.079555035 CET4434974435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.101489067 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.101530075 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.101598978 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.101705074 CET49745443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.101712942 CET4434974534.160.144.191192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.368706942 CET804974034.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.420001030 CET4974080192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.586723089 CET44349738142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.586922884 CET49738443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.587750912 CET44349738142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.587800026 CET49738443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.591516018 CET49738443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.591523886 CET44349738142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.591597080 CET49738443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.591795921 CET44349738142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.591869116 CET49738443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.625492096 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.633192062 CET44349739142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.633466005 CET49739443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.634620905 CET44349739142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.634682894 CET49739443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638166904 CET49739443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638176918 CET44349739142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638266087 CET49739443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638406038 CET44349739142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638642073 CET49739443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638665915 CET49747443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638694048 CET44349747142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.638752937 CET49747443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.640069008 CET49747443192.168.2.4142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.640085936 CET44349747142.250.181.110192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.745691061 CET804974634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.752188921 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.752711058 CET4974680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:29.872787952 CET804974634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.128329039 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.130673885 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.134604931 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.134625912 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.134747028 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.134885073 CET4434974234.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.135143995 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.135163069 CET49742443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.135195017 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.135267973 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.136447906 CET49748443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.136457920 CET4434974834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.581393003 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.581439972 CET804975134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.582456112 CET4975180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.585911036 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.585921049 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.586004019 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.586100101 CET4434974934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.587786913 CET49749443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.870765924 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.870893955 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.875597954 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.875607014 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.875693083 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.875770092 CET4434975334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.875849009 CET49753443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.879112959 CET4434975234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.879189014 CET49752443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.883721113 CET49752443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.883769989 CET4434975234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.883799076 CET49752443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.884017944 CET4434975234.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.884115934 CET49752443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.907491922 CET4434975535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.907680988 CET49755443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.910080910 CET49755443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.910100937 CET4434975535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.910464048 CET4434975535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.912409067 CET49755443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.912452936 CET49755443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.912600040 CET4434975535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.912769079 CET49755443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.917166948 CET4434975434.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.917228937 CET49754443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.921246052 CET49754443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.921248913 CET4434975434.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.921295881 CET49754443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.921484947 CET4434975434.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.922450066 CET49754443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.927427053 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:31.978522062 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.531579971 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.532171965 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.557195902 CET49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.557256937 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.566339016 CET49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.652091026 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.652638912 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.653738022 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.847839117 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.898410082 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:35.235887051 CET49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:35.235914946 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.149966002 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.150279045 CET49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.150325060 CET4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.153311014 CET49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.154771090 CET49761443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.154787064 CET4434976134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.270200014 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.454387903 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.454421043 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.454509020 CET49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.464617014 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.488750935 CET49759443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.488779068 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:36.489633083 CET4434975934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.524000883 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.699244976 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.699372053 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.699491978 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.699583054 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.699601889 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.700867891 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.704977036 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.705066919 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.705208063 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.706408024 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.706439972 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:44.820857048 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.015610933 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.056725025 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.381284952 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.381387949 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.783638000 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.783658981 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.783956051 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.827769995 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.912686110 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.912766933 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.943183899 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:45.943278074 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.106817007 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.106894970 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.107866049 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.109536886 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.109658003 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.110162973 CET4434977134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.110340118 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.110397100 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.110843897 CET4434977234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.112018108 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.112083912 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.112118959 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.112574100 CET4434977334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.113050938 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.113054037 CET49771443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.113086939 CET49773443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.113090038 CET49772443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.263674974 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.268070936 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.268105030 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.268331051 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.270368099 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.270381927 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.383599997 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.579056025 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.582653999 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.630215883 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.702523947 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.897248030 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.946696043 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.481477976 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.481581926 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.485589027 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.485622883 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.485666990 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.485816956 CET4434977434.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.488646030 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.491852045 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.491941929 CET4434977534.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.492650986 CET49774443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:47.492676973 CET49775443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436104059 CET49778443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436147928 CET4434977834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436218023 CET49778443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436398983 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436405897 CET4434977834.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436410904 CET4434978035.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436451912 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436589003 CET4434978035.190.72.216192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436613083 CET49778443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.436747074 CET49780443192.168.2.435.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.529156923 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.565638065 CET44349781151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.565702915 CET49781443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.568603992 CET49781443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.568623066 CET44349781151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.569036961 CET44349781151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.570854902 CET49781443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.570940971 CET49781443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.571033001 CET44349781151.101.1.91192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.572593927 CET49781443192.168.2.4151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.576482058 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.577517986 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.579762936 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.579799891 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.579978943 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.580178022 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.580195904 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582031965 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582061052 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582106113 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582366943 CET4434978235.201.103.21192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582710028 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.582818985 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.583585024 CET49782443192.168.2.435.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.583628893 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.583769083 CET49784443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.583794117 CET4434978435.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.586323023 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.586407900 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.587599993 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.587702990 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.587729931 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.595551968 CET49786443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.595658064 CET4434978634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.595746994 CET49786443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.595856905 CET49786443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.595880032 CET4434978634.149.100.209192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.724083900 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.726670027 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.773144960 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:55.846465111 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.041297913 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.089756966 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.794321060 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.794429064 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.798124075 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.798130035 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.798360109 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.800618887 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.800720930 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.802803993 CET49785443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.802830935 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.803169012 CET4434978535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.803636074 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.803764105 CET4434978335.244.181.201192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:56.803793907 CET49783443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.424494982 CET49806443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.424593925 CET49806443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.424627066 CET4434980634.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.425906897 CET49807443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.425971985 CET49807443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.426110983 CET4434980734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.426496029 CET49808443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.426564932 CET49808443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.426665068 CET4434980834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.427468061 CET49807443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.427476883 CET49808443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.427496910 CET49806443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.427515030 CET49807443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.430375099 CET49808443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.430388927 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.550317049 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.745369911 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.749560118 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.789798975 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:25.869363070 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:26.064234972 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:26.106368065 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:35.749682903 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:35.869627953 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:36.072768927 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:36.192982912 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:45.873240948 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:45.993134022 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:46.205317974 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:46.325141907 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:56.001322985 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:56.121850967 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:56.333585978 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:56.530685902 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.316786051 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.316807032 CET4434988534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.317126989 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.318404913 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.318417072 CET4434988534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.536776066 CET4434988534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.537152052 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.544177055 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.544177055 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.544214964 CET4434988534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.544522047 CET4434988534.107.243.93192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.545032978 CET49885443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.546943903 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.667103052 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.862622023 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.866772890 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.909204006 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.987008095 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:59.181462049 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:59.225792885 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:08.873435974 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:08.993552923 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:09.190071106 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:09.310540915 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:18.997133970 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:19.116899014 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:19.313564062 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:19.435533047 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:29.125148058 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:29.245590925 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:29.441090107 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:34:29.569349051 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.035881042 CET50062443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.035969019 CET4435006234.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037055969 CET50063443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037209034 CET50063443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037309885 CET50061443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037405968 CET50061443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037461042 CET4435006334.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037718058 CET4435006134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037791967 CET50062443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037810087 CET50063443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.037810087 CET50061443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.039582968 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.251521111 CET804975634.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.251789093 CET4975680192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.270780087 CET5006480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.392680883 CET805006434.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.410623074 CET5006480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.410686016 CET5006480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.533042908 CET805006434.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.498831987 CET805006434.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.501779079 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.502363920 CET5006580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.552073956 CET5006480192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.622313023 CET804975834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.622395992 CET4975880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.622400999 CET805006534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.622487068 CET5006580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.622638941 CET5006580192.168.2.434.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:28.742471933 CET805006534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:29.708729982 CET805006534.107.221.82192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:29.755592108 CET5006580192.168.2.434.107.221.82
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.401453018 CET53562311.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.402713060 CET5089053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.502244949 CET5356553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.542685032 CET53508901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.544522047 CET5700453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.642550945 CET53535651.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.666038990 CET5059653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.681782961 CET53570041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.686341047 CET6046853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.802964926 CET53505961.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.806010008 CET5938053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.823685884 CET53604681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.824510098 CET5578653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.894946098 CET53616251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.944664955 CET53593801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:30.961759090 CET53557861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.225739002 CET6122953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.365304947 CET53612291.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.367537975 CET4964153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.504998922 CET53496411.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.505954981 CET5694653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.834906101 CET53569461.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.666759968 CET5465353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.710774899 CET6073053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.711123943 CET5954953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.804097891 CET53546531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET53607301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.848282099 CET53595491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.036674976 CET5494053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.036675930 CET5886653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.036895990 CET5291053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET53588661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174712896 CET53529101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.175184011 CET5934353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.175429106 CET6278653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.312577009 CET53593431.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.313802958 CET53627861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.319628954 CET6378653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.320004940 CET5896653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.342799902 CET53549401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.357794046 CET5592353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.456912994 CET53589661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.457595110 CET6523953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET53637861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.459328890 CET5250353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.497634888 CET53559231.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.498090982 CET6368453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.596972942 CET53652391.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.597523928 CET5896153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.636173964 CET53636841.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.638900995 CET5797653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.675740957 CET53525031.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.676290035 CET4992753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.734826088 CET53589611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.776386976 CET53579761.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.815143108 CET53499271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.268471003 CET4997653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.405658960 CET53499761.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.178864956 CET5699453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.201097012 CET5753653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.203593969 CET5788353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.210663080 CET5134053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.339651108 CET53575361.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.341326952 CET53578831.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.342667103 CET6183553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.347584963 CET53513401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.427122116 CET53569941.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.638900995 CET192.168.2.41.1.1.10x38e2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.676290035 CET192.168.2.41.1.1.10x65cfStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:46.268471003 CET192.168.2.41.1.1.10x9d94Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.178864956 CET192.168.2.41.1.1.10x8087Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.201097012 CET192.168.2.41.1.1.10xc707Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.203593969 CET192.168.2.41.1.1.10x2556Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.210663080 CET192.168.2.41.1.1.10x1a4fStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.342667103 CET192.168.2.41.1.1.10x41b1Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.427726984 CET192.168.2.41.1.1.10x401fStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.428203106 CET192.168.2.41.1.1.10x913aStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.481077909 CET192.168.2.41.1.1.10x6b2cStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.568280935 CET192.168.2.41.1.1.10x40f5Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:15.719060898 CET192.168.2.41.1.1.10xc9bbStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:16.947886944 CET192.168.2.41.1.1.10xdb16Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:24.200158119 CET192.168.2.41.1.1.10x2260Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.178018093 CET192.168.2.41.1.1.10xf21dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:57.317243099 CET192.168.2.41.1.1.10x90d2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:19.144865990 CET192.168.2.41.1.1.10x5232Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:19.290184021 CET192.168.2.41.1.1.10x546Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:19.429456949 CET192.168.2.41.1.1.10x3892Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:20.665302038 CET192.168.2.41.1.1.10x302Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:25.795660019 CET192.168.2.41.1.1.10x2ab4Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.039812088 CET192.168.2.41.1.1.10x2e36Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:35:27.230330944 CET192.168.2.41.1.1.10x2e36Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.365304947 CET1.1.1.1192.168.2.40xd32eNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.365304947 CET1.1.1.1192.168.2.40xd32eNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.504998922 CET1.1.1.1192.168.2.40x3107No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:34.680212021 CET1.1.1.1192.168.2.40xa6deNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.847929955 CET1.1.1.1192.168.2.40xea89No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.848282099 CET1.1.1.1192.168.2.40x4231No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:40.848282099 CET1.1.1.1192.168.2.40x4231No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174041033 CET1.1.1.1192.168.2.40xd4bbNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.174712896 CET1.1.1.1192.168.2.40xbb8No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.312577009 CET1.1.1.1192.168.2.40xfa17No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.312577009 CET1.1.1.1192.168.2.40xfa17No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.312577009 CET1.1.1.1192.168.2.40xfa17No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.312577009 CET1.1.1.1192.168.2.40xfa17No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.313802958 CET1.1.1.1192.168.2.40x6af1No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.342799902 CET1.1.1.1192.168.2.40xa865No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.342799902 CET1.1.1.1192.168.2.40xa865No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.456912994 CET1.1.1.1192.168.2.40xa03fNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET1.1.1.1192.168.2.40x10ecNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET1.1.1.1192.168.2.40x10ecNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET1.1.1.1192.168.2.40x10ecNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET1.1.1.1192.168.2.40x10ecNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.458606958 CET1.1.1.1192.168.2.40x10ecNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.497634888 CET1.1.1.1192.168.2.40x90cfNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.596972942 CET1.1.1.1192.168.2.40x3069No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.636173964 CET1.1.1.1192.168.2.40x40e2No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.675740957 CET1.1.1.1192.168.2.40xf102No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.675740957 CET1.1.1.1192.168.2.40xf102No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.675740957 CET1.1.1.1192.168.2.40xf102No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:41.675740957 CET1.1.1.1192.168.2.40xf102No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.339651108 CET1.1.1.1192.168.2.40xc707No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.339651108 CET1.1.1.1192.168.2.40xc707No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.339651108 CET1.1.1.1192.168.2.40xc707No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.339651108 CET1.1.1.1192.168.2.40xc707No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.347584963 CET1.1.1.1192.168.2.40x1a4fNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:54.347584963 CET1.1.1.1192.168.2.40x1a4fNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
Dec 15, 2024 09:32:54.427122116 CET | 1.1.1.1 | 192.168.2.4 | 0x8087 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.480401993 CET | 1.1.1.1 | 192.168.2.4 | 0x41b1 | No error (0) | services.addons.mozilla.org | | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.480401993 CET | 1.1.1.1 | 192.168.2.4 | 0x41b1 | No error (0) | services.addons.mozilla.org | | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.480401993 CET | 1.1.1.1 | 192.168.2.4 | 0x41b1 | No error (0) | services.addons.mozilla.org | | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.480401993 CET | 1.1.1.1 | 192.168.2.4 | 0x41b1 | No error (0) | services.addons.mozilla.org | | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.567653894 CET | 1.1.1.1 | 192.168.2.4 | 0x913a | No error (0) | normandy-cdn.services.mozilla.com | | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:32:54.619178057 CET | 1.1.1.1 | 192.168.2.4 | 0x6b2c | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 15, 2024 09:32:54.619178057 CET | 1.1.1.1 | 192.168.2.4 | 0x6b2c | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 15, 2024 09:32:54.619178057 CET | 1.1.1.1 | 192.168.2.4 | 0x6b2c | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 15, 2024 09:32:54.619178057 CET | 1.1.1.1 | 192.168.2.4 | 0x6b2c | No error (0) | services.addons.mozilla.org | | | 28 | IN (0x0001) | false
Dec 15, 2024 09:32:57.491420031 CET | 1.1.1.1 | 192.168.2.4 | 0xf208 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:32:57.491420031 CET | 1.1.1.1 | 192.168.2.4 | 0xf208 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:33:17.085469961 CET | 1.1.1.1 | 192.168.2.4 | 0xdb16 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:33:17.085469961 CET | 1.1.1.1 | 192.168.2.4 | 0xdb16 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:33:24.198440075 CET | 1.1.1.1 | 192.168.2.4 | 0xb9db | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:33:57.315711975 CET | 1.1.1.1 | 192.168.2.4 | 0xf21d | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:19.288569927 CET | 1.1.1.1 | 192.168.2.4 | 0x5232 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:19.428081989 CET | 1.1.1.1 | 192.168.2.4 | 0x546 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:20.805005074 CET | 1.1.1.1 | 192.168.2.4 | 0x302 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:35:20.805005074 CET | 1.1.1.1 | 192.168.2.4 | 0x302 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:25.793616056 CET | 1.1.1.1 | 192.168.2.4 | 0x7626 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:27.268659115 CET | 1.1.1.1 | 192.168.2.4 | 0x2e36 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:35:27.268659115 CET | 1.1.1.1 | 192.168.2.4 | 0x2e36 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 15, 2024 09:35:27.368530035 CET | 1.1.1.1 | 192.168.2.4 | 0x2e36 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 15, 2024 09:35:27.368530035 CET | 1.1.1.1 | 192.168.2.4 | 0x2e36 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 34.107.221.82 | 80 | 7052 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:32:28.892911911 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:29.368706942 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17060
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49746 | 34.107.221.82 | 80 | 7052 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:32:29.752711058 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:30.839762926 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 09:34:53 GMT
Age: 82657
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49756 | 34.107.221.82 | 80 | 7052 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:32:30.864717007 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:31.927427053 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17062
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:34.532171965 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:34.847839117 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17065
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:41.300153017 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:41.615494967 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17072
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:44.166413069 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:44.481858969 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17075
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:46.263674974 CET  303  OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:46.579056025 CET  298  IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17077
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:47.488646030 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:47.803567886 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17078
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:48.718837023 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:49.033569098 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17079
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:52.297656059 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:52.613034964 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17083
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:55.409173965 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:32:55.724083900 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17086
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:32:56.811614037 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Dec 15, 2024 09:32:57.227366924 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17088
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:33:07.237874031 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Dec 15, 2024 09:33:16.947710991 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Dec 15, 2024 09:33:17.263428926 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17108
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:33:25.430388927 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Dec 15, 2024 09:33:25.745369911 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17116
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:33:35.749682903 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Dec 15, 2024 09:33:45.873240948 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Dec 15, 2024 09:33:56.001322985 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
Dec 15, 2024 09:33:58.546943903 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:33:58.862622023 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17149
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 15, 2024 09:34:08.873435974 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:18.997133970 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:29.125148058 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:39.253772974 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:49.382827997 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:59.512588024 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 15, 2024 09:35:20.665047884 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 15, 2024 09:35:20.980745077 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 03:48:09 GMT
Age: 17231
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49758 | 34.107.221.82 | 80 | 7052 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 15, 2024 09:32:36.149966002 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:36.464617014 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76455
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:32:41.047012091 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:41.361634970 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76460
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:32:44.051333904 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Dec 15, 2024 09:32:44.365797997 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76463
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:32:44.700867891 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Dec 15, 2024 09:32:45.015610933 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76463
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:32:46.582653999 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Dec 15, 2024 09:32:46.897248030 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76465
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:32:47.807872057 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Dec 15, 2024 09:32:48.122750998 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76466
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:32:49.040847063 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 15, 2024 09:32:49.355542898 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76468
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:32:52.616554022 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:52.931163073 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76471
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:32:55.726670027 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:56.041297913 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76474
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:32:57.230401993 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:32:57.544905901 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76476
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:33:07.554169893 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 15, 2024 09:33:17.266583920 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:33:17.581254005 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 11:18:21 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 76496
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
Dec 15, 2024 09:33:25.749560118 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:33:26.064234972 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76504
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:33:36.072768927 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:33:46.205317974 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:33:56.333585978 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:33:58.866772890 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:33:59.181462049 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76538
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 15, 2024 09:34:09.190071106 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:19.313564062 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:29.441090107 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:39.570209026 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:49.699457884 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:34:59.829091072 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 15, 2024 09:35:20.985522985 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 15, 2024 09:35:21.306763887 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 14 Dec 2024 11:18:21 GMT
Age: 76620
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID    Source IP      Source Port    Destination IP    Destination Port
4             192.168.2.4    50064          34.107.221.82     80
Timestamp    Bytes transferred    Direction    Data
Dec 15, 2024 09:35:27.410686016 CET    303    OUT    GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
Dec 15, 2024 09:35:28.498831987 CET    298    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 03:48:09 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 17239
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID    Source IP      Source Port    Destination IP    Destination Port
5             192.168.2.4    50065          34.107.221.82     80
Timestamp    Bytes transferred    Direction    Data
Dec 15, 2024 09:35:28.622638941 CET    305    OUT    GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
Dec 15, 2024 09:35:29.708729982 CET    216    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Sat, 14 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 82836
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                                                                                                      Start time:03:32:17
                                                                                                                                                                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\nmy4mJXEaz.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\nmy4mJXEaz.exe"
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0xd30000
                                                                                                                                                                                                                                                                                                                                                                      File size:972'800 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:E9F4F5B56FEA82ED8A63D8D31A25F17D
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                                                                                                                                      Start time:03:32:18
                                                                                                                                                                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                                                                                                                                                                                                                                      File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

Target ID:2
Start time:03:32:18
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:03:32:20
Start date:15/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0xa20000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:03:32:20
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:03:32:20
Start date:15/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0xa20000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:03:32:21
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:03:32:21
Start date:15/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xa20000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:03:32:21
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:03:32:21
Start date:15/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xa20000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:03:32:21
Start date:15/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:11
Start time:03:32:21
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:03:32:21
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:03:32:21
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:15
Start time:03:32:23
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89cf5a61-b060-41ad-8a73-6666f1ddae83} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208ac66d510 socket
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:03:32:25
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1276 -parentBuildID 20230927232528 -prefsHandle 2948 -prefMapHandle 4064 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bcb05e-5b67-4f17-9cc9-6af984da76a6} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be87a110 rdd
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:03:32:29
Start date:15/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5344 -prefMapHandle 5292 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc27d761-b0e0-48a4-b8c9-74e9c7a8b21f} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 208be4c4710 utility
Imagebase:0x7ff6bf500000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.6%
Total number of Nodes:1725
Total number of Limit Nodes:59
d3a961 22 API calls 95163->95164 95165 d312ce 95164->95165 95213 d41940 95165->95213 95167 d312f9 95223 d31aab 95167->95223 95169 d31315 95170 d31325 GetStdHandle 95169->95170 95171 d72485 95170->95171 95172 d3137a 95170->95172 95171->95172 95173 d7248e 95171->95173 95175 d31387 OleInitialize 95172->95175 95174 d4fddb 22 API calls 95173->95174 95176 d72495 95174->95176 95175->95142 95230 da011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 95176->95230 95178 d7249e 95231 da0944 CreateThread 95178->95231 95180 d724aa CloseHandle 95180->95172 95181->95144 95232 d313f1 95182->95232 95185 d313f1 22 API calls 95186 d313d0 95185->95186 95187 d3a961 22 API calls 95186->95187 95188 d313dc 95187->95188 95189 d36b57 22 API calls 95188->95189 95190 d31129 95189->95190 95191 d31bc3 6 API calls 95190->95191 95191->95149 95193 d3a961 22 API calls 95192->95193 95194 d3172c 95193->95194 95195 d3a961 22 API calls 95194->95195 95196 d31734 95195->95196 95197 d3a961 22 API calls 95196->95197 95198 d3174f 95197->95198 95199 d4fddb 22 API calls 95198->95199 95200 d3129c 95199->95200 95201 d31b4a 95200->95201 95202 d31b58 95201->95202 95203 d3a961 22 API calls 95202->95203 95204 d31b63 95203->95204 95205 d3a961 22 API calls 95204->95205 95206 d31b6e 95205->95206 95207 d3a961 22 API calls 95206->95207 95208 d31b79 95207->95208 95209 d3a961 22 API calls 95208->95209 95210 d31b84 95209->95210 95211 d4fddb 22 API calls 95210->95211 95212 d31b96 RegisterWindowMessageW 95211->95212 95212->95163 95214 d41981 95213->95214 95219 d4195d 95213->95219 95239 d50242 5 API calls __Init_thread_wait 95214->95239 95216 d4196e 95216->95167 95217 d4198b 95217->95219 95240 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95217->95240 95219->95216 95241 d50242 5 API calls __Init_thread_wait 95219->95241 95220 d48727 95220->95216 95242 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95220->95242 95224 
d31abb 95223->95224 95225 d7272d 95223->95225 95227 d4fddb 22 API calls 95224->95227 95243 da3209 23 API calls 95225->95243 95229 d31ac3 95227->95229 95228 d72738 95229->95169 95230->95178 95231->95180 95244 da092a 28 API calls 95231->95244 95233 d3a961 22 API calls 95232->95233 95234 d313fc 95233->95234 95235 d3a961 22 API calls 95234->95235 95236 d31404 95235->95236 95237 d3a961 22 API calls 95236->95237 95238 d313c6 95237->95238 95238->95185 95239->95217 95240->95219 95241->95220 95242->95216 95243->95228 95245 d82a00 95271 d3d7b0 ISource 95245->95271 95246 d3db11 PeekMessageW 95246->95271 95247 d3d807 GetInputState 95247->95246 95247->95271 95248 d81cbe TranslateAcceleratorW 95248->95271 95250 d3db8f PeekMessageW 95250->95271 95251 d3da04 timeGetTime 95251->95271 95252 d3db73 TranslateMessage DispatchMessageW 95252->95250 95253 d3dbaf Sleep 95253->95271 95254 d82b74 Sleep 95265 d82a51 95254->95265 95257 d81dda timeGetTime 95428 d4e300 23 API calls 95257->95428 95260 d82c0b GetExitCodeProcess 95261 d82c21 WaitForSingleObject 95260->95261 95262 d82c37 CloseHandle 95260->95262 95261->95262 95261->95271 95262->95265 95263 dc29bf GetForegroundWindow 95263->95265 95265->95260 95265->95263 95266 d3d9d5 95265->95266 95267 d82ca9 Sleep 95265->95267 95265->95271 95455 db5658 23 API calls 95265->95455 95456 d9e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95265->95456 95457 d4e551 timeGetTime 95265->95457 95458 d9d4dc CreateToolhelp32Snapshot Process32FirstW 95265->95458 95267->95271 95271->95246 95271->95247 95271->95248 95271->95250 95271->95251 95271->95252 95271->95253 95271->95254 95271->95257 95271->95265 95271->95266 95277 d3dd50 95271->95277 95284 d3dfd0 95271->95284 95307 d3bf40 95271->95307 95365 d4edf6 95271->95365 95370 d41310 95271->95370 95427 d4e551 timeGetTime 95271->95427 95429 da3a2a 23 API calls 95271->95429 95430 d3ec40 95271->95430 95454 da359c 82 API calls __wsopen_s 95271->95454 95278 d3dd83 95277->95278 
95279 d3dd6f 95277->95279 95500 da359c 82 API calls __wsopen_s 95278->95500 95468 d3d260 95279->95468 95282 d3dd7a 95282->95271 95283 d82f75 95283->95283 95286 d3e010 95284->95286 95285 d3ec40 348 API calls 95301 d3e0dc ISource 95285->95301 95286->95301 95516 d50242 5 API calls __Init_thread_wait 95286->95516 95289 d82fca 95291 d3a961 22 API calls 95289->95291 95289->95301 95290 d3a961 22 API calls 95290->95301 95294 d82fe4 95291->95294 95517 d500a3 29 API calls __onexit 95294->95517 95297 d82fee 95518 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95297->95518 95301->95285 95301->95290 95302 d3e3e1 95301->95302 95303 d404f0 22 API calls 95301->95303 95304 da359c 82 API calls 95301->95304 95510 d3a8c7 22 API calls __fread_nolock 95301->95510 95511 d3a81b 95301->95511 95515 d4a308 348 API calls 95301->95515 95519 d50242 5 API calls __Init_thread_wait 95301->95519 95520 d500a3 29 API calls __onexit 95301->95520 95521 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95301->95521 95522 db47d4 348 API calls 95301->95522 95523 db68c1 348 API calls 95301->95523 95302->95271 95303->95301 95304->95301 95566 d3adf0 95307->95566 95309 d3bf9d 95310 d3bfa9 95309->95310 95311 d804b6 95309->95311 95313 d804c6 95310->95313 95314 d3c01e 95310->95314 95584 da359c 82 API calls __wsopen_s 95311->95584 95585 da359c 82 API calls __wsopen_s 95313->95585 95571 d3ac91 95314->95571 95318 d97120 22 API calls 95361 d3c039 ISource __fread_nolock 95318->95361 95319 d3c7da 95322 d4fe0b 22 API calls 95319->95322 95327 d3c808 __fread_nolock 95322->95327 95324 d804f5 95328 d8055a 95324->95328 95586 d4d217 348 API calls 95324->95586 95330 d4fe0b 22 API calls 95327->95330 95350 d3c603 95328->95350 95587 da359c 82 API calls __wsopen_s 95328->95587 95329 d4fddb 22 API calls 95329->95361 95362 d3c350 ISource __fread_nolock 95330->95362 95331 d3af8a 22 API calls 95331->95361 95332 d8091a 95594 da3209 23 API calls 95332->95594 95335 d3ec40 348 API calls 
95335->95361 95336 d808a5 95337 d3ec40 348 API calls 95336->95337 95338 d808cf 95337->95338 95342 d3a81b 41 API calls 95338->95342 95338->95350 95340 d80591 95588 da359c 82 API calls __wsopen_s 95340->95588 95344 d808f6 95342->95344 95343 d3a993 41 API calls 95343->95361 95593 da359c 82 API calls __wsopen_s 95344->95593 95346 d3c237 95348 d3c253 95346->95348 95595 d3a8c7 22 API calls __fread_nolock 95346->95595 95347 d3aceb 23 API calls 95347->95361 95352 d80976 95348->95352 95355 d3c297 ISource 95348->95355 95350->95271 95353 d3aceb 23 API calls 95352->95353 95354 d809bf 95353->95354 95354->95350 95596 da359c 82 API calls __wsopen_s 95354->95596 95355->95354 95356 d3aceb 23 API calls 95355->95356 95357 d3c335 95356->95357 95357->95354 95359 d3c342 95357->95359 95358 d3bbe0 40 API calls 95358->95361 95582 d3a704 22 API calls ISource 95359->95582 95361->95318 95361->95319 95361->95324 95361->95327 95361->95328 95361->95329 95361->95331 95361->95332 95361->95335 95361->95336 95361->95340 95361->95343 95361->95344 95361->95346 95361->95347 95361->95350 95361->95354 95361->95358 95363 d4fe0b 22 API calls 95361->95363 95575 d3ad81 95361->95575 95589 d97099 22 API calls __fread_nolock 95361->95589 95590 db5745 54 API calls _wcslen 95361->95590 95591 d4aa42 22 API calls ISource 95361->95591 95592 d9f05c 40 API calls 95361->95592 95364 d3c3ac 95362->95364 95583 d4ce17 22 API calls ISource 95362->95583 95363->95361 95364->95271 95366 d4ee09 95365->95366 95368 d4ee12 95365->95368 95366->95271 95367 d4ee36 IsDialogMessageW 95367->95366 95367->95368 95368->95366 95368->95367 95369 d8efaf GetClassLongW 95368->95369 95369->95367 95369->95368 95371 d41376 95370->95371 95372 d417b0 95370->95372 95374 d41390 95371->95374 95375 d86331 95371->95375 95635 d50242 5 API calls __Init_thread_wait 95372->95635 95379 d41940 9 API calls 95374->95379 95376 d8633d 95375->95376 95639 db709c 348 API calls 95375->95639 95376->95271 95378 d417ba 95381 d417fb 95378->95381 95383 d39cb3 22 API calls 
95378->95383 95380 d413a0 95379->95380 95382 d41940 9 API calls 95380->95382 95385 d86346 95381->95385 95387 d4182c 95381->95387 95384 d413b6 95382->95384 95392 d417d4 95383->95392 95384->95381 95386 d413ec 95384->95386 95640 da359c 82 API calls __wsopen_s 95385->95640 95386->95385 95408 d41408 __fread_nolock 95386->95408 95388 d3aceb 23 API calls 95387->95388 95390 d41839 95388->95390 95637 d4d217 348 API calls 95390->95637 95391 d86369 95391->95271 95636 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95392->95636 95395 d8636e 95641 da359c 82 API calls __wsopen_s 95395->95641 95397 d4153c 95399 d41940 9 API calls 95397->95399 95398 d863d1 95643 db5745 54 API calls _wcslen 95398->95643 95401 d41549 95399->95401 95406 d41940 9 API calls 95401->95406 95413 d864fa 95401->95413 95402 d4fddb 22 API calls 95402->95408 95403 d41563 95403->95413 95417 d415c7 ISource 95403->95417 95644 d3a8c7 22 API calls __fread_nolock 95403->95644 95404 d4fe0b 22 API calls 95404->95408 95405 d41872 95638 d4faeb 23 API calls 95405->95638 95406->95403 95408->95390 95408->95391 95408->95395 95408->95402 95408->95404 95410 d3ec40 348 API calls 95408->95410 95411 d4152f 95408->95411 95412 d863b2 95408->95412 95410->95408 95411->95397 95411->95398 95642 da359c 82 API calls __wsopen_s 95412->95642 95413->95391 95645 da359c 82 API calls __wsopen_s 95413->95645 95416 d41940 9 API calls 95416->95417 95417->95391 95417->95405 95417->95413 95417->95416 95420 d4167b ISource 95417->95420 95606 dbab67 95417->95606 95609 dba2ea 95417->95609 95614 dbabf7 95417->95614 95619 dc1591 95417->95619 95622 da5c5a 95417->95622 95627 d4f645 95417->95627 95418 d4171d 95418->95271 95420->95418 95634 d4ce17 22 API calls ISource 95420->95634 95427->95271 95428->95271 95429->95271 95451 d3ec76 ISource 95430->95451 95431 d4fddb 22 API calls 95431->95451 95432 d3fef7 95446 d3ed9d ISource 95432->95446 95880 d3a8c7 22 API calls __fread_nolock 95432->95880 95435 d84600 95435->95446 95879 d3a8c7 22 API 
calls __fread_nolock 95435->95879 95436 d84b0b 95882 da359c 82 API calls __wsopen_s 95436->95882 95437 d3a8c7 22 API calls 95437->95451 95441 d50242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95441->95451 95444 d3fbe3 95444->95446 95447 d84bdc 95444->95447 95453 d3f3ae ISource 95444->95453 95445 d3a961 22 API calls 95445->95451 95446->95271 95883 da359c 82 API calls __wsopen_s 95447->95883 95448 d500a3 29 API calls pre_c_initialization 95448->95451 95450 d84beb 95884 da359c 82 API calls __wsopen_s 95450->95884 95451->95431 95451->95432 95451->95435 95451->95436 95451->95437 95451->95441 95451->95444 95451->95445 95451->95446 95451->95448 95451->95450 95452 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95451->95452 95451->95453 95817 d401e0 95451->95817 95878 d406a0 41 API calls ISource 95451->95878 95452->95451 95453->95446 95881 da359c 82 API calls __wsopen_s 95453->95881 95454->95271 95455->95265 95456->95265 95457->95265 95915 d9def7 95458->95915 95460 d9d529 Process32NextW 95461 d9d5db CloseHandle 95460->95461 95467 d9d522 95460->95467 95461->95265 95462 d3a961 22 API calls 95462->95467 95463 d39cb3 22 API calls 95463->95467 95467->95460 95467->95461 95467->95462 95467->95463 95921 d3525f 22 API calls 95467->95921 95922 d36350 22 API calls 95467->95922 95923 d4ce60 41 API calls 95467->95923 95469 d3ec40 348 API calls 95468->95469 95471 d3d29d 95469->95471 95472 d3d30b ISource 95471->95472 95473 d3d6d5 95471->95473 95474 d3d3c3 95471->95474 95483 d3d4b8 95471->95483 95484 d81bc4 95471->95484 95487 d4fddb 22 API calls 95471->95487 95495 d3d429 ISource __fread_nolock 95471->95495 95472->95282 95473->95472 95482 d4fe0b 22 API calls 95473->95482 95474->95473 95476 d3d3ce 95474->95476 95475 d3d5ff 95478 d3d614 95475->95478 95479 d81bb5 95475->95479 95477 d4fddb 22 API calls 95476->95477 95489 d3d3d5 __fread_nolock 95477->95489 95480 d4fddb 22 API calls 
95478->95480 95508 db5705 23 API calls 95479->95508 95491 d3d46a 95480->95491 95482->95489 95485 d4fe0b 22 API calls 95483->95485 95509 da359c 82 API calls __wsopen_s 95484->95509 95485->95495 95486 d4fddb 22 API calls 95488 d3d3f6 95486->95488 95487->95471 95488->95495 95501 d3bec0 348 API calls 95488->95501 95489->95486 95489->95488 95491->95282 95492 d81ba4 95507 da359c 82 API calls __wsopen_s 95492->95507 95495->95475 95495->95491 95495->95492 95496 d81b7f 95495->95496 95498 d81b5d 95495->95498 95502 d31f6f 95495->95502 95506 da359c 82 API calls __wsopen_s 95496->95506 95505 da359c 82 API calls __wsopen_s 95498->95505 95500->95283 95501->95495 95503 d3ec40 348 API calls 95502->95503 95504 d31f98 95503->95504 95504->95495 95505->95491 95506->95491 95507->95491 95508->95484 95509->95472 95510->95301 95512 d3a826 95511->95512 95513 d3a855 95512->95513 95524 d3a993 95512->95524 95513->95301 95515->95301 95516->95289 95517->95297 95518->95301 95519->95301 95520->95301 95521->95301 95522->95301 95523->95301 95541 d3bbe0 95524->95541 95526 d3a9a3 95527 d3a9b1 95526->95527 95528 d7f8c8 95526->95528 95530 d4fddb 22 API calls 95527->95530 95551 d3aceb 95528->95551 95532 d3a9c2 95530->95532 95531 d7f8d3 95533 d3a961 22 API calls 95532->95533 95534 d3a9cc 95533->95534 95535 d3a9db 95534->95535 95549 d3a8c7 22 API calls __fread_nolock 95534->95549 95536 d4fddb 22 API calls 95535->95536 95538 d3a9e5 95536->95538 95550 d3a869 40 API calls 95538->95550 95540 d3aa09 95540->95513 95542 d3be27 95541->95542 95546 d3bbf3 95541->95546 95542->95526 95544 d3a961 22 API calls 95544->95546 95545 d3bc9d 95545->95526 95546->95544 95546->95545 95561 d50242 5 API calls __Init_thread_wait 95546->95561 95562 d500a3 29 API calls __onexit 95546->95562 95563 d501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95546->95563 95549->95535 95550->95540 95552 d3acf9 95551->95552 95560 d3ad2a ISource 95551->95560 95553 d3ad55 95552->95553 95555 d3ad01 ISource 95552->95555 95553->95560 
95564 d3a8c7 22 API calls __fread_nolock 95553->95564 95556 d3ad21 95555->95556 95557 d7fa48 95555->95557 95555->95560 95559 d7fa3a VariantClear 95556->95559 95556->95560 95557->95560 95565 d4ce17 22 API calls ISource 95557->95565 95559->95560 95560->95531 95561->95546 95562->95546 95563->95546 95564->95560 95565->95560 95567 d3ae01 95566->95567 95570 d3ae1c ISource 95566->95570 95568 d3aec9 22 API calls 95567->95568 95569 d3ae09 CharUpperBuffW 95568->95569 95569->95570 95570->95309 95572 d3acae 95571->95572 95573 d3acd1 95572->95573 95597 da359c 82 API calls __wsopen_s 95572->95597 95573->95361 95576 d3ad92 95575->95576 95577 d7fadb 95575->95577 95578 d4fddb 22 API calls 95576->95578 95579 d3ad99 95578->95579 95598 d3adcd 95579->95598 95582->95362 95583->95362 95584->95313 95585->95350 95586->95328 95587->95350 95588->95350 95589->95361 95590->95361 95591->95361 95592->95361 95593->95350 95594->95346 95595->95348 95596->95350 95597->95573 95601 d3addd 95598->95601 95599 d3adb6 95599->95361 95600 d4fddb 22 API calls 95600->95601 95601->95599 95601->95600 95602 d3a961 22 API calls 95601->95602 95604 d3adcd 22 API calls 95601->95604 95605 d3a8c7 22 API calls __fread_nolock 95601->95605 95602->95601 95604->95601 95605->95601 95646 dbaff9 95606->95646 95610 d37510 53 API calls 95609->95610 95611 dba306 95610->95611 95612 d9d4dc 47 API calls 95611->95612 95613 dba315 95612->95613 95613->95417 95615 dbaff9 217 API calls 95614->95615 95617 dbac0c 95615->95617 95616 dbac54 95616->95417 95617->95616 95618 d3aceb 23 API calls 95617->95618 95618->95616 95801 dc2ad8 95619->95801 95621 dc159f 95621->95417 95623 d37510 53 API calls 95622->95623 95624 da5c6d 95623->95624 95812 d9dbbe lstrlenW 95624->95812 95626 da5c77 95626->95417 95628 d3b567 39 API calls 95627->95628 95629 d4f659 95628->95629 95630 d8f2dc Sleep 95629->95630 95631 d4f661 timeGetTime 95629->95631 95632 d3b567 39 API calls 95631->95632 95633 d4f677 95632->95633 95633->95417 95634->95420 95635->95378 95636->95381 
95637->95405 95638->95405 95639->95376 95640->95391 95641->95391 95642->95391 95643->95403 95644->95417 95645->95391 95647 dbb01d ___scrt_fastfail 95646->95647 95648 dbb058 95647->95648 95649 dbb094 95647->95649 95767 d3b567 95648->95767 95651 d3b567 39 API calls 95649->95651 95656 dbb08b 95649->95656 95655 dbb0a5 95651->95655 95652 dbb063 95652->95656 95659 d3b567 39 API calls 95652->95659 95653 dbb0ed 95737 d37510 95653->95737 95658 d3b567 39 API calls 95655->95658 95656->95653 95660 d3b567 39 API calls 95656->95660 95658->95656 95662 dbb078 95659->95662 95660->95653 95664 d3b567 39 API calls 95662->95664 95663 dbb115 95665 dbb1d8 95663->95665 95666 dbb11f 95663->95666 95664->95656 95668 dbb20a GetCurrentDirectoryW 95665->95668 95671 d37510 53 API calls 95665->95671 95667 d37510 53 API calls 95666->95667 95669 dbb130 95667->95669 95670 d4fe0b 22 API calls 95668->95670 95673 d37620 22 API calls 95669->95673 95674 dbb22f GetCurrentDirectoryW 95670->95674 95672 dbb1ef 95671->95672 95675 d37620 22 API calls 95672->95675 95676 dbb13a 95673->95676 95677 dbb23c 95674->95677 95678 dbb1f9 _wcslen 95675->95678 95679 d37510 53 API calls 95676->95679 95681 dbb275 95677->95681 95772 d39c6e 22 API calls 95677->95772 95678->95668 95678->95681 95680 dbb14b 95679->95680 95682 d37620 22 API calls 95680->95682 95686 dbb28b 95681->95686 95687 dbb287 95681->95687 95684 dbb155 95682->95684 95688 d37510 53 API calls 95684->95688 95685 dbb255 95773 d39c6e 22 API calls 95685->95773 95775 da07c0 10 API calls 95686->95775 95696 dbb39a CreateProcessW 95687->95696 95697 dbb2f8 95687->95697 95691 dbb166 95688->95691 95693 d37620 22 API calls 95691->95693 95692 dbb265 95774 d39c6e 22 API calls 95692->95774 95698 dbb170 95693->95698 95695 dbb294 95776 da06e6 10 API calls 95695->95776 95716 dbb32f _wcslen 95696->95716 95778 d911c8 39 API calls 95697->95778 95702 dbb1a6 GetSystemDirectoryW 95698->95702 95706 d37510 53 API calls 95698->95706 95701 dbb2fd 95704 dbb32a 95701->95704 95705 dbb323 
95701->95705 95708 d4fe0b 22 API calls 95702->95708 95703 dbb2aa 95777 da05a7 8 API calls 95703->95777 95780 d914ce 6 API calls 95704->95780 95779 d91201 128 API calls 2 library calls 95705->95779 95710 dbb187 95706->95710 95713 dbb1cb GetSystemDirectoryW 95708->95713 95715 d37620 22 API calls 95710->95715 95712 dbb2d0 95712->95687 95713->95677 95714 dbb328 95714->95716 95717 dbb191 _wcslen 95715->95717 95718 dbb42f CloseHandle 95716->95718 95719 dbb3d6 GetLastError 95716->95719 95717->95677 95717->95702 95720 dbb43f 95718->95720 95736 dbb49a 95718->95736 95730 dbb41a 95719->95730 95722 dbb451 95720->95722 95723 dbb446 CloseHandle 95720->95723 95725 dbb458 CloseHandle 95722->95725 95726 dbb463 95722->95726 95723->95722 95724 dbb4a6 95724->95730 95725->95726 95727 dbb46a CloseHandle 95726->95727 95728 dbb475 95726->95728 95727->95728 95781 da09d9 34 API calls 95728->95781 95764 da0175 95730->95764 95732 dbb486 95782 dbb536 25 API calls 95732->95782 95733 dbb4d2 CloseHandle 95733->95730 95736->95724 95736->95733 95738 d37525 95737->95738 95755 d37522 95737->95755 95739 d3755b 95738->95739 95740 d3752d 95738->95740 95742 d750f6 95739->95742 95743 d3756d 95739->95743 95751 d7500f 95739->95751 95783 d551c6 26 API calls 95740->95783 95786 d55183 26 API calls 95742->95786 95784 d4fb21 51 API calls 95743->95784 95744 d3753d 95749 d4fddb 22 API calls 95744->95749 95747 d7510e 95747->95747 95752 d37547 95749->95752 95750 d75088 95785 d4fb21 51 API calls 95750->95785 95751->95750 95754 d4fe0b 22 API calls 95751->95754 95753 d39cb3 22 API calls 95752->95753 95753->95755 95757 d75058 95754->95757 95760 d37620 95755->95760 95756 d4fddb 22 API calls 95758 d7507f 95756->95758 95757->95756 95759 d39cb3 22 API calls 95758->95759 95759->95750 95761 d3762a _wcslen 95760->95761 95762 d4fe0b 22 API calls 95761->95762 95763 d3763f 95762->95763 95763->95663 95787 da030f 95764->95787 95768 d3b578 95767->95768 95769 d3b57f 95767->95769 95768->95769 95800 d562d1 39 API calls 95768->95800 
95769->95652 95771 d3b5c2 95771->95652 95772->95685 95773->95692 95774->95681 95775->95695 95776->95703 95777->95712 95778->95701 95779->95714 95780->95716 95781->95732 95782->95736 95783->95744 95784->95744 95785->95742 95786->95747 95788 da0329 95787->95788 95789 da0321 CloseHandle 95787->95789 95790 da032e CloseHandle 95788->95790 95791 da0336 95788->95791 95789->95788 95790->95791 95792 da033b CloseHandle 95791->95792 95793 da0343 95791->95793 95792->95793 95794 da0348 CloseHandle 95793->95794 95795 da0350 95793->95795 95794->95795 95796 da035d 95795->95796 95797 da0355 CloseHandle 95795->95797 95798 da017d 95796->95798 95799 da0362 CloseHandle 95796->95799 95797->95796 95798->95417 95799->95798 95800->95771 95802 d3aceb 23 API calls 95801->95802 95803 dc2af3 95802->95803 95804 dc2b1d 95803->95804 95805 dc2aff 95803->95805 95807 d36b57 22 API calls 95804->95807 95806 d37510 53 API calls 95805->95806 95809 dc2b0c 95806->95809 95808 dc2b1b 95807->95808 95808->95621 95809->95808 95811 d3a8c7 22 API calls __fread_nolock 95809->95811 95811->95808 95813 d9dbdc GetFileAttributesW 95812->95813 95814 d9dc06 95812->95814 95813->95814 95815 d9dbe8 FindFirstFileW 95813->95815 95814->95626 95815->95814 95816 d9dbf9 FindClose 95815->95816 95816->95814 95818 d40206 95817->95818 95833 d4027e 95817->95833 95819 d85411 95818->95819 95820 d40213 95818->95820 95903 db7b7e 348 API calls 2 library calls 95819->95903 95827 d4021d 95820->95827 95828 d85435 95820->95828 95821 d85405 95902 da359c 82 API calls __wsopen_s 95821->95902 95823 d3ec40 348 API calls 95823->95833 95826 d85466 95829 d85471 95826->95829 95830 d85493 95826->95830 95877 d40230 ISource 95827->95877 95908 d3a8c7 22 API calls __fread_nolock 95827->95908 95828->95826 95832 d8544d 95828->95832 95905 db7b7e 348 API calls 2 library calls 95829->95905 95885 db5689 95830->95885 95831 d40405 95831->95451 95904 da359c 82 API calls __wsopen_s 95832->95904 95833->95823 95833->95831 95840 d851b9 95833->95840 95851 d403f9 
95833->95851 95857 d40344 95833->95857 95861 d851ce ISource 95833->95861 95867 d403b2 ISource 95833->95867 95838 d85332 95838->95877 95901 d3a8c7 22 API calls __fread_nolock 95838->95901 95898 da359c 82 API calls __wsopen_s 95840->95898 95843 d8568a 95846 d856c0 95843->95846 95910 db7771 67 API calls 95843->95910 95844 d85532 95906 da1119 22 API calls 95844->95906 95850 d3aceb 23 API calls 95846->95850 95848 d85668 95852 d37510 53 API calls 95848->95852 95872 d40273 ISource 95850->95872 95851->95831 95897 da359c 82 API calls __wsopen_s 95851->95897 95868 d85670 _wcslen 95852->95868 95853 d854b9 95892 da0acc 95853->95892 95854 d8569e 95859 d37510 53 API calls 95854->95859 95857->95851 95896 d404f0 22 API calls 95857->95896 95871 d856a6 _wcslen 95859->95871 95860 d85544 95907 d3a673 22 API calls 95860->95907 95861->95867 95861->95872 95899 da359c 82 API calls __wsopen_s 95861->95899 95862 d403a5 95862->95851 95862->95867 95866 d8554d 95874 da0acc 22 API calls 95866->95874 95867->95821 95867->95838 95867->95872 95867->95877 95900 d4a308 348 API calls 95867->95900 95868->95843 95870 d3aceb 23 API calls 95868->95870 95869 d41310 348 API calls 95869->95877 95870->95843 95871->95846 95873 d3aceb 23 API calls 95871->95873 95872->95451 95873->95846 95875 d85566 95874->95875 95876 d3bf40 348 API calls 95875->95876 95876->95877 95877->95843 95877->95872 95909 db7632 54 API calls __wsopen_s 95877->95909 95878->95451 95879->95446 95880->95446 95881->95446 95882->95446 95883->95450 95884->95446 95886 db56a4 95885->95886 95887 d8549e 95885->95887 95888 d4fe0b 22 API calls 95886->95888 95887->95844 95887->95853 95890 db56c6 95888->95890 95889 d4fddb 22 API calls 95889->95890 95890->95887 95890->95889 95911 da0a59 95890->95911 95893 d854e3 95892->95893 95894 da0ada 95892->95894 95893->95869 95894->95893 95895 d4fddb 22 API calls 95894->95895 95895->95893 95896->95862 95897->95872 95898->95861 95899->95867 95900->95867 95901->95877 95902->95819 95903->95877 95904->95872 95905->95877 
95906->95860 95907->95866 95908->95877 95909->95848 95910->95854 95912 da0a7a 95911->95912 95913 d4fddb 22 API calls 95912->95913 95914 da0a85 95912->95914 95913->95914 95914->95890 95916 d9df02 95915->95916 95917 d9df19 95916->95917 95920 d9df1f 95916->95920 95924 d563b2 GetStringTypeW _strftime 95916->95924 95925 d562fb 39 API calls 95917->95925 95920->95467 95921->95467 95922->95467 95923->95467 95924->95916 95925->95920 95926 d3fe73 95933 d4ceb1 95926->95933 95928 d3fe89 95942 d4cf92 95928->95942 95930 d3feb3 95954 da359c 82 API calls __wsopen_s 95930->95954 95932 d84ab8 95934 d4ced2 95933->95934 95935 d4cebf 95933->95935 95937 d4cf05 95934->95937 95938 d4ced7 95934->95938 95936 d3aceb 23 API calls 95935->95936 95941 d4cec9 95936->95941 95940 d3aceb 23 API calls 95937->95940 95939 d4fddb 22 API calls 95938->95939 95939->95941 95940->95941 95941->95928 95943 d36270 22 API calls 95942->95943 95944 d4cfc9 95943->95944 95945 d39cb3 22 API calls 95944->95945 95947 d4cffa 95944->95947 95946 d8d166 95945->95946 95955 d36350 22 API calls 95946->95955 95947->95930 95949 d8d171 95956 d4d2f0 40 API calls 95949->95956 95951 d8d184 95952 d3aceb 23 API calls 95951->95952 95953 d8d188 95951->95953 95952->95953 95953->95953 95954->95932 95955->95949 95956->95951 95957 d31033 95962 d34c91 95957->95962 95961 d31042 95963 d3a961 22 API calls 95962->95963 95964 d34cff 95963->95964 95970 d33af0 95964->95970 95966 d34d9c 95968 d31038 95966->95968 95973 d351f7 22 API calls __fread_nolock 95966->95973 95969 d500a3 29 API calls __onexit 95968->95969 95969->95961 95971 d33b1c 3 API calls 95970->95971 95972 d33b0f 95971->95972 95972->95966 95973->95966 95974 d8d27a GetUserNameW 95975 d8d292 95974->95975 95976 d32e37 95977 d3a961 22 API calls 95976->95977 95978 d32e4d 95977->95978 96055 d34ae3 95978->96055 95980 d32e6b 95981 d33a5a 24 API calls 95980->95981 95982 d32e7f 95981->95982 95983 d39cb3 22 API calls 95982->95983 95984 d32e8c 95983->95984 96069 d34ecb 95984->96069 95987 d72cb0 

Control-flow Graph

[Control-flow graph 389, entry block d342de-d3434d; legend: Executed / Not Executed]
APIs
• GetVersionExW.KERNEL32(?), ref: 00D3430D
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
• GetCurrentProcess.KERNEL32(?,00DCCB64,00000000,?,?), ref: 00D34422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00D34429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00D34454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00D34466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00D34474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00D3447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00D344A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 36e9009ea7e07989d582247ea3f98ea8927866f4c65311ba18cce6d8d2359640
• Instruction ID: 53945b67d79bf1741ff8b6678843a41626977139e01d551da6eb102a918a32fa
• Opcode Fuzzy Hash: 36e9009ea7e07989d582247ea3f98ea8927866f4c65311ba18cce6d8d2359640
• Instruction Fuzzy Hash: D7A1C66191A3C0DFC715C76B7C815997FE46B26300F0A94F9E085BBA22D27E558CDB31

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 1977 d342a2-d342ba CreateStreamOnHGlobal 1978 d342da-d342dd 1977->1978 1979 d342bc-d342d3 FindResourceExW 1977->1979 1980 d342d9 1979->1980 1981 d735ba-d735c9 LoadResource 1979->1981 1980->1978 1981->1980 1982 d735cf-d735dd SizeofResource 1981->1982 1982->1980 1983 d735e3-d735ee LockResource 1982->1983 1983->1980 1984 d735f4-d73612 1983->1984 1984->1980
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00D350AA,?,?,00000000,00000000), ref: 00D342B2
                                                                                                                                                                                                                                                                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00D350AA,?,?,00000000,00000000), ref: 00D342C9
                                                                                                                                                                                                                                                                                                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00D350AA,?,?,00000000,00000000,?,?,?,?,?,?,00D34F20), ref: 00D735BE
                                                                                                                                                                                                                                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00D350AA,?,?,00000000,00000000,?,?,?,?,?,?,00D34F20), ref: 00D735D3
                                                                                                                                                                                                                                                                                                                                                                        • LockResource.KERNEL32(00D350AA,?,?,00D350AA,?,?,00000000,00000000,?,?,?,?,?,?,00D34F20,?), ref: 00D735E6
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8ca7e480cf30bc672337078f3eb168acdccc2441968e0b4cd54e0417446a726b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 33e74c71e43a359d1e791be4600a6d8bb9d1b406b0612bf7b1797becc1709626
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ca7e480cf30bc672337078f3eb168acdccc2441968e0b4cd54e0417446a726b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE117C74202702BFD7218BA6DC48F27BBBDEBC6B51F188169F516DA650DB71EC008A34

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00D32B6B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00E01418,?,00D32E7F,?,?,?,00000000), ref: 00D33A78
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00DF2224), ref: 00D72C10
                                                                                                                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000,?,?,00DF2224), ref: 00D72C17
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 71d10537155faf08ad19ce6ad12c894c878e64ba1da6c4b1daf31063a644e253
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: eef3bf791446222634fea5de7e0494bbc6c80e19b4793f425358f837ece57725
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71d10537155faf08ad19ce6ad12c894c878e64ba1da6c4b1daf31063a644e253
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 041126316083466EC708FF64E892DBEB7A4DFD0300F48642CF286560A2DF718A49C732
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00D9D501
                                                                                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00D9D50F
                                                                                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00D9D52F
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D9D5DC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f80a40deadb84584c6e90e35465b46f93002bf9c916e64df636c4a00c93a43f8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: da77e36a9ffef18f0213b89868a968974f97b3ab3bba286be7b98f789b550a46
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f80a40deadb84584c6e90e35465b46f93002bf9c916e64df636c4a00c93a43f8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05319F711083019FD700EF64C891AAFBBE8EF99354F58092DF585862A1EB719949CBB2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00D75222), ref: 00D9DBCE
                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00D9DBDD
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00D9DBEE
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D9DBFA
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2d10df61404a79ac074558d35c76b94b595ca74e5cb5abf32f7d6dad0d4febb5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 579ac297e6fdf8ec074170ee37dce227fea5a234d25899cb9efad89f6b57d72d
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d10df61404a79ac074558d35c76b94b595ca74e5cb5abf32f7d6dad0d4febb5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AF0A030820A12578B206B78EC0D8AAB77D9E05334B184702F97AC22E0EBB0995586B9
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e59c114feaa63b4ecaaa04e8be6325412ae1a5f8c0229822eb24aa912762b151
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c7514394507cde56f3a213856e0d9c0096c7ea4d6e9ac65a0cef08925e047c23
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e59c114feaa63b4ecaaa04e8be6325412ae1a5f8c0229822eb24aa912762b151
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36D012A1808109FACB50A7D0DC49EB9B3BEEB09301F508452F956D20C0D634C5086775
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00D628E9,?,00D54CBE,00D628E9,00DF88B8,0000000C,00D54E15,00D628E9,00000002,00000000,?,00D628E9), ref: 00D54D09
                                                                                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00D54CBE,00D628E9,00DF88B8,0000000C,00D54E15,00D628E9,00000002,00000000,?,00D628E9), ref: 00D54D10
                                                                                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00D54D22
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2599d36ee0e73594b42d86193707d737915403d046008a2598cdb85c1cb56601
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e0c49c430d5363a34174e80aa8cb2cf7552877342df65d53885ab5acc1dfa720
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2599d36ee0e73594b42d86193707d737915403d046008a2598cdb85c1cb56601
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CE0B63141024AABCF11AF54EE09E583B79FB41796B145019FD19CB222CB36DD86CAB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00D8D28C
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                        • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3b7644b5442cf2f6ddcb24d48d97712008226116ba3d20bb7260b4c01fcfac3f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a59fb58904b1025c3b822122c4131b0b0143e86504e90b093eaafc769e4028b5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b7644b5442cf2f6ddcb24d48d97712008226116ba3d20bb7260b4c01fcfac3f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DD0C9B481111EEBCB90DB90EC88DD9B37CBB04305F100151F146E2140D73095489F20
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: p#
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3964851224-4182048217
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2f1d8ed7d0b44fc393b3f65532745b878817e0cddcdc4c6c3f441320de0ec147
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 40c71f6e9faa295261a20b52bfa8316e79b422cf99ae20c85c9dc9d1e76da3e9
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f1d8ed7d0b44fc393b3f65532745b878817e0cddcdc4c6c3f441320de0ec147
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02A248746183418FC754DF18C480B2ABBE1FF89304F18996DE99A9B362D771EC45CBA2

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBB198
                                                                                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DBB1B0
                                                                                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DBB1D4
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBB200
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DBB214
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DBB236
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBB332
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DA05A7: GetStdHandle.KERNEL32(000000F6), ref: 00DA05C6
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBB34B
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBB366
                                                                                                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DBB3B6
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00DBB407
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DBB439
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBB44A
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBB45C
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBB46E
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DBB4E3
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1fd0587008fa766202a1a1952e92fdeeaf3c6d6fb632fb30fc9f74b7ef346223
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b0508a9f1c3e10976322ce03ef94e3d110ffeb2d641280efac2414ac77a26f96
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fd0587008fa766202a1a1952e92fdeeaf3c6d6fb632fb30fc9f74b7ef346223
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91F14B71504240DFC714EF24C891B6ABBE5EF85324F18855EF8969B2A2DB71DC44CB72
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 00D3D807
                                                                                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00D3DA07
                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D3DB28
                                                                                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00D3DB7B
                                                                                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00D3DB89
                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D3DB9F
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00D3DBB1
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2189390790-0

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00D32D07
                                                                                                                                                                                                                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00D32D31
                                                                                                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D32D42
                                                                                                                                                                                                                                                                                                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00D32D5F
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D32D6F
                                                                                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00D32D85
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D32D94
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2914291525-1005189915

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D7039A: CreateFileW.KERNEL32(00000000,00000000,?,00D70704,?,?,00000000,?,00D70704,00000000,0000000C), ref: 00D703B7
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D7076F
                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D70776
                                                                                                                                                                                                                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00D70782
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D7078C
                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D70795
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D707B5
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00D708FF
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D70931
                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D70938
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 420697560b515d995d6eb0e536851a07fd6f0bddb2e36abf0782d8f8ee803e56
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e2aed2daf01b4ade595c3d89c46e406b091ad337e6d77f8b358956bd03c1b6b0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 420697560b515d995d6eb0e536851a07fd6f0bddb2e36abf0782d8f8ee803e56
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3DA10532A101458FDF19AF68D851BAD3FA0EB06320F18815DF859EB3D1EB319856CBB1

APIs
  • Part of subcall function 00D33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00E01418,?,00D32E7F,?,?,?,00000000), ref: 00D33A78
  • Part of subcall function 00D33357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D33379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00D3356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00D7318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00D731CE
• RegCloseKey.ADVAPI32(?), ref: 00D73210
• _wcslen.LIBCMT ref: 00D73277
• _wcslen.LIBCMT ref: 00D73286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 6fac78bc219e83b40caeb0436cc96ecf3359c73d6b8bf53e40d11c480881acd8
• Instruction ID: 566a2ec258d99a95cacb3c5fba53359af14c2fb564ecd680ac05c978405c0395
• Opcode Fuzzy Hash: 6fac78bc219e83b40caeb0436cc96ecf3359c73d6b8bf53e40d11c480881acd8
• Instruction Fuzzy Hash: 397191714043029EC314EF66DC8695BB7E8FF94340F44542EF689A31A1EB799A88CB72

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00D32B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00D32B9D
• LoadIconW.USER32(00000063), ref: 00D32BB3
• LoadIconW.USER32(000000A4), ref: 00D32BC5
• LoadIconW.USER32(000000A2), ref: 00D32BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00D32BEF
• RegisterClassExW.USER32(?), ref: 00D32C40
  • Part of subcall function 00D32CD4: GetSysColorBrush.USER32(0000000F), ref: 00D32D07
  • Part of subcall function 00D32CD4: RegisterClassExW.USER32(00000030), ref: 00D32D31
  • Part of subcall function 00D32CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D32D42
  • Part of subcall function 00D32CD4: InitCommonControlsEx.COMCTL32(?), ref: 00D32D5F
  • Part of subcall function 00D32CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D32D6F
  • Part of subcall function 00D32CD4: LoadIconW.USER32(000000A9), ref: 00D32D85
  • Part of subcall function 00D32CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D32D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: c400ed7174fab342a53158637c63b21ab90278d79d21e2dcabc7e2300fedd1e1
• Instruction ID: 5c3bf32de96a820edd8e44b3b4d5a7d3173e1f41b4912bdc1f6fbaabd0be4c82
• Opcode Fuzzy Hash: c400ed7174fab342a53158637c63b21ab90278d79d21e2dcabc7e2300fedd1e1
• Instruction Fuzzy Hash: 90212A70E10315AFDB109F96EC45BA97FB4FB08B50F15009AE604BA7A0D7BA05848F90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D3BB4E
                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID: p#$p#$p#$p#$p%$p%$x#$x#
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-4136154834

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00D3316A,?,?), ref: 00D331D8
                                                                                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,00D3316A,?,?), ref: 00D33204
                                                                                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D33227
                                                                                                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00D3316A,?,?), ref: 00D33232
                                                                                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00D33246
                                                                                                                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00D33267
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                                        • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: D%$D%$D%$D%$D%$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-2799515523
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D3FE66
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID: D%$D%$D%$D%$D%
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-30262081
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dd4a07c2c6c49d4388f8da381ea07022901efdd0e60b21ba1f6c7d4415a70dde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1d07fc318435da9f4c241901dac5182eed5ef7a8ae2f9e5b5e99a6c8b8d0face
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd4a07c2c6c49d4388f8da381ea07022901efdd0e60b21ba1f6c7d4415a70dde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9B25B74A08345CFCB24DF18C480A2AB7E1FF99314F18496DE9859B3A1D771ED85CBA2

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

control_flow_graph 1814 d31410-d31449; API calls in graph: mciSendStringW, DestroyWindow, UnregisterHotKey, FindClose, FreeLibrary, VirtualFree, CoUninitialize
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00D31459
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.COMBASE ref: 00D314F8
                                                                                                                                                                                                                                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 00D316DD
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00D724B9
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00D7251E
                                                                                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00D7254B
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f84b4ce9fc8410fa74b0901e42389eb757978b0f578c82e1695defbd98c1e3cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3ec070c07dc8eee3ea2e4b4e4ade6c183cd686ccf5ff11b5b61050eeb4a8fb56
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f84b4ce9fc8410fa74b0901e42389eb757978b0f578c82e1695defbd98c1e3cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9D137356012538FCB29EF55C899A29F7A5FF05700F1882ADE54AAB261DB30ED12CF71

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

control_flow_graph 1953 d9de27-d9de4a; API calls in graph: WSAStartup, gethostname, gethostbyname, inet_ntoa, WSACleanup
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3130c31839ea1c5ac0886917ed9f92f64241bfec208194e391719823d0f885b0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 79fa66e6d994c88689789d1c5b2a38d22d6797f213796b1aa5b6f044229ef6cb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3130c31839ea1c5ac0886917ed9f92f64241bfec208194e391719823d0f885b0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9110671904206AFCF20AB609C4AEEF77ADDF11755F050169F989D6191EF70CA858A70

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 1987 d32c63-d32cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00D32C91
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00D32CB2
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00D31CAD,?), ref: 00D32CC6
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00D31CAD,?), ref: 00D32CCF
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2c610cca729f0e43f4dc20ff319e8c4bf4cdfe47026ae0cdf3f1c6d9ddd14c22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8f7cd0c073b18bdd20fb69b8ad927e6598789c3b49364d7e65dd1a30fcc13b7a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c610cca729f0e43f4dc20ff319e8c4bf4cdfe47026ae0cdf3f1c6d9ddd14c22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3F017755503917EEB210713AC08F7B2EBDD7C6F50B02109EFA04AB2A0C67A0888DAB0

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 2102 d8d3a0-d8d3a9 2103 d8d3ab-d8d3b7 LoadLibraryA 2102->2103 2104 d8d376-d8d37b 2102->2104 2106 d8d3c9 2103->2106 2107 d8d3b9-d8d3c7 GetProcAddress 2103->2107 2105 d8d292-d8d2a8 2104->2105 2111 d8d2a9 2105->2111 2108 d8d3ce-d8d3de 2106->2108 2107->2106 2107->2108 2108->2105 2112 d8d3e4-d8d3eb FreeLibrary 2108->2112 2111->2111 2112->2105
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32 ref: 00D8D3AD
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00D8D3BF
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00D8D3E5
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4190ae865fe6bf5db5ec1eceadc60cb1db5ca991ff11fd6d78b697bce32214b7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 15fec189008c56897603fd47f63fe4fcf8e4f3e1a6a6486a58fcb922f8dedceb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4190ae865fe6bf5db5ec1eceadc60cb1db5ca991ff11fd6d78b697bce32214b7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6FF02031801B22ABC7313B108C08E69B322AF01701B599158EA8AE22D1CB20CD4087B6

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 2423 d33b1c-d33b27 2424 d33b99-d33b9b 2423->2424 2425 d33b29-d33b2e 2423->2425 2427 d33b8c-d33b8f 2424->2427 2425->2424 2426 d33b30-d33b48 RegOpenKeyExW 2425->2426 2426->2424 2428 d33b4a-d33b69 RegQueryValueExW 2426->2428 2429 d33b80-d33b8b RegCloseKey 2428->2429 2430 d33b6b-d33b76 2428->2430 2429->2427 2431 d33b90-d33b97 2430->2431 2432 d33b78-d33b7a 2430->2432 2433 d33b7e 2431->2433 2432->2433 2433->2429
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00D33B0F,SwapMouseButtons,00000004,?), ref: 00D33B40
                                                                                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00D33B0F,SwapMouseButtons,00000004,?), ref: 00D33B61
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00D33B0F,SwapMouseButtons,00000004,?), ref: 00D33B83
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e6de1401d4d6e0a2b0dc129e23e9bb0a2318e83df090a98d20ec79ad3aa4e44b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 77522f4a5b92e1ed293ef2dc028b1dfce8c13836f9b209860bfbe9f4cecab629
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6de1401d4d6e0a2b0dc129e23e9bb0a2318e83df090a98d20ec79ad3aa4e44b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86112AB5520209FFDB218FA5DD44EAEB7B8EF04744F144459E905D7210D2319E40A770
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00D733A2
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D33A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 50498cf81b0560fe156669c56d10c099a69e5069171ca4fa0f00aa14fcff86d6
• Instruction ID: da7c96131eb2d5ca12374ebc1ec7af568cf4c79e62e14d6353e9bbd6deb53f64
• Opcode Fuzzy Hash: 50498cf81b0560fe156669c56d10c099a69e5069171ca4fa0f00aa14fcff86d6
• Instruction Fuzzy Hash: 4831D271408301AEC725EB24DC45BEBB7D8EF40710F04856EF59997191EB749A88CBF2
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00D50668
  • Part of subcall function 00D532A4: RaiseException.KERNEL32(?,?,?,00D5068A,?,00E01444,?,?,?,?,?,?,00D5068A,00D31129,00DF8738,00D31129), ref: 00D53304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00D50685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: a5c8edee11e5a8bb0a1432130e0044ef18c126f9d3580c612ea5db89197a0c0c
• Instruction ID: 2a7628907467f73474564392a08a2ed172755010f0067722658beba8eb1f99ee
• Opcode Fuzzy Hash: a5c8edee11e5a8bb0a1432130e0044ef18c126f9d3580c612ea5db89197a0c0c
• Instruction Fuzzy Hash: 0BF0C23490070D77CF00BBA4D846D9E7B6C9E00351B644531BD24D65A1FF71DA6DC5B1
APIs
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D31BF4
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00D31BFC
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D31C07
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D31C12
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00D31C1A
  • Part of subcall function 00D31BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00D31C22
  • Part of subcall function 00D31B4A: RegisterWindowMessageW.USER32(00000004,?,00D312C4), ref: 00D31BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00D3136A
• OleInitialize.OLE32 ref: 00D31388
• CloseHandle.KERNEL32(00000000,00000000), ref: 00D724AB
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 41e08b6efaf7e3e21f72496d215e65788c340e6e629f0d9a6ca5c89907b5f7a6
• Instruction ID: 0f7b701a99b28dda9103c81822bc7884ef9a977005b28d986cdecc4bb17e19e9
• Opcode Fuzzy Hash: 41e08b6efaf7e3e21f72496d215e65788c340e6e629f0d9a6ca5c89907b5f7a6
• Instruction Fuzzy Hash: A6718DB49113018FC388DF7AAC466553AE0FB8934475491AEE15AFF3B1EB3245898F61
APIs
  • Part of subcall function 00D33923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D33A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00D9C259
• KillTimer.USER32(?,00000001,?,?), ref: 00D9C261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D9C270
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d4c0dd42dcfad4e66b48a02c334a573bb4700fdf543c02d87d0178132016efed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6f9b62d0e4e7e7eaf16dc06874ce4168c0f0e5d066d8c0e252edcbc3e2cea251
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4c0dd42dcfad4e66b48a02c334a573bb4700fdf543c02d87d0178132016efed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4231C370914384AFEF228F648855BE7BBEC9B06308F04549ED6DEA7241C3746A88CB65
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,?,00D685CC,?,00DF8CC8,0000000C), ref: 00D68704
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D685CC,?,00DF8CC8,0000000C), ref: 00D6870E
                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D68739
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1f527c43e3eb480070d091a3f9d0107a161e87a95a96f8b05c100084336e126e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4a331b9155555beab7029dc7f5cb80446b1abf92e2c4b7feb287d8ad4bc94651
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f527c43e3eb480070d091a3f9d0107a161e87a95a96f8b05c100084336e126e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3401D632A056602BD67463B4F845B7E67498B82B74F3D0319F958DB2E6DFA1CCC1A1B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00D3DB7B
                                                                                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00D3DB89
                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D3DB9F
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00D3DBB1
                                                                                                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00D81CC9
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 393f101408bfa6aa73c424930eb7c320a6b89fed50a848a2f7be0133c77a211a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8e4f1e30aacd686e30941391b282daefa0fd06bcc0cdb0269c64b7ec683f6278
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 393f101408bfa6aa73c424930eb7c320a6b89fed50a848a2f7be0133c77a211a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ADF05E306543429BE734DB60DC89FAAB3BDEB84310F144A18E64AD71C0DB30A489CF35
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D417F6
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-4196123274
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 00D72C8C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D33A97,?,?,00D32E7F,?,?,?,00000000), ref: 00D33AC2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D32DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D32DC4
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32(?,?), ref: 00D8D375
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                        • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D33908
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
APIs
• timeGetTime.WINMM ref: 00D4F661
  • Part of subcall function 00D3D730: GetInputState.USER32 ref: 00D3D807
• Sleep.KERNEL32(00000000), ref: 00D8F2DE
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
APIs
  • Part of subcall function 00D34E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D34EDD,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E9C
  • Part of subcall function 00D34E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D34EAE
  • Part of subcall function 00D34E90: FreeLibrary.KERNEL32(00000000,?,?,00D34EDD,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34EFD
  • Part of subcall function 00D34E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D73CDE,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E62
  • Part of subcall function 00D34E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D34E74
  • Part of subcall function 00D34E59: FreeLibrary.KERNEL32(00000000,?,?,00D73CDE,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E87
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6,?,00D31129), ref: 00D63852
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34F6D
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00DC2A66
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: 9e2a33917d7ef78ca945294f408d2ff46e88ab377249eb54b9568a5725db755c
• Instruction ID: 6b8f5a890200df820b936fc1206fefba8dcb7a18c3412c9e545f3488bd85f9b5
• Opcode Fuzzy Hash: 9e2a33917d7ef78ca945294f408d2ff46e88ab377249eb54b9568a5725db755c
• Instruction Fuzzy Hash: 81E04F36354217AACB14EB34DC80EFA735CEB50395B10453AFC5AD3510DB30DA9696B0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D3314E
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 717bc323b384359f9d48d385325695da9840a89ce16de018524f3ee040d541c4
• Instruction ID: 4b1673c3e5061084f79e59b668d0fb07ee10ebd0584ab3b145987c9a3be1a8c9
• Opcode Fuzzy Hash: 717bc323b384359f9d48d385325695da9840a89ce16de018524f3ee040d541c4
• Instruction Fuzzy Hash: 6CF0A7709143059FEB529B24DC497D97BBCA701708F0000E9A688A6281D77557CCCF61
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D32DC4
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: cf8bcb862cb3d91ad59093b3ae22628bf38265f5c9f0becc4623ad445cd671db
• Instruction ID: 64ff43d0b9283ecabc94818f3e2ccf739131ea7332e684512576368cc31105f2
• Opcode Fuzzy Hash: cf8bcb862cb3d91ad59093b3ae22628bf38265f5c9f0becc4623ad445cd671db
• Instruction Fuzzy Hash: DCE0CD76A042245BC71092589C06FDAB7DDDFC8790F044171FD0DD7248E960ED808670
APIs
  • Part of subcall function 00D33837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D33908
  • Part of subcall function 00D3D730: GetInputState.USER32 ref: 00D3D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00D32B6B
  • Part of subcall function 00D330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D3314E
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 2e9f315db8a2d8a9fd160a65a3e360f36489a131f3bd2ab02131748f909a222f
• Instruction ID: a779601ecab47627e09494df5ba3ac86d1581a37f7b40f87c3270988b96e18fc
• Opcode Fuzzy Hash: 2e9f315db8a2d8a9fd160a65a3e360f36489a131f3bd2ab02131748f909a222f
• Instruction Fuzzy Hash: 25E0723270424407CA08BB70B8228BDF34ACBE1321F00247EF243872B3CF208A898332
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00D9DF40
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00D70704,?,?,00000000,?,00D70704,00000000,0000000C), ref: 00D703B7
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00D31CBC
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00DC48F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00DC4908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00DC4927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00DC494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00DC495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00DC497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00DC49AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00DC49D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00DC4A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00DC4A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00DC4A7E
• IsMenu.USER32(?), ref: 00DC4A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DC4AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DC4B20
• GetWindowLongW.USER32(?,000000F0), ref: 00DC4B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00DC4BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00DC4C82
• wsprintfW.USER32 ref: 00DC4CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DC4CC9
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DC4CF1
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00DC4D13
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DC4D33
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DC4D5A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d8ff25db2d7d3ff8d53493cf9c3e87884beda3b22ba1b157e47da189c326a120
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c16503fd7637c0bc081cde4d16cabdb55fd2e7c9af532572715cf38934fdcd9c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8ff25db2d7d3ff8d53493cf9c3e87884beda3b22ba1b157e47da189c326a120
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7612DE71600216ABEB258F28CD59FAE7BB8EF45310F14412DF51AEB2A1DB74D941CB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00D4F998
                                                                                                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D8F474
                                                                                                                                                                                                                                                                                                                                                                        • IsIconic.USER32(00000000), ref: 00D8F47D
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000009), ref: 00D8F48A
                                                                                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00D8F494
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00D8F4AA
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D8F4B1
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00D8F4BD
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00D8F4CE
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 00D8F4D6
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00D8F4DE
                                                                                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00D8F4E1
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D8F4F6
                                                                                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00D8F501
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D8F50B
                                                                                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00D8F510
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D8F519
                                                                                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00D8F51E
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D8F528
                                                                                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00D8F52D
                                                                                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00D8F530
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00D8F557
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6ec568b273d70c27237549b05e395308427613993a7df2502f12efc7abddaab3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ae5db7eea7e9ba44a6e807c2e0d501b53d6093ce2219d3663554610526dbd373
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ec568b273d70c27237549b05e395308427613993a7df2502f12efc7abddaab3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 17315271A50319BBEB206BB59C4AFBF7E6CEB44B50F141066F705E62D1C6B09D01AB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D9170D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D9173A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D916C3: GetLastError.KERNEL32 ref: 00D9174A
                                                                                                                                                                                                                                                                                                                                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00D91286
                                                                                                                                                                                                                                                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00D912A8
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00D912B9
                                                                                                                                                                                                                                                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00D912D1
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessWindowStation.USER32 ref: 00D912EA
                                                                                                                                                                                                                                                                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 00D912F4
                                                                                                                                                                                                                                                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00D91310
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D911FC), ref: 00D910D4
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910BF: CloseHandle.KERNEL32(?,?,00D911FC), ref: 00D910E9
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 829c3c82d73201fcc4c39df2dc6c7f19e4b49c1675c6f74d3cd0a9c48058c6b7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 921ca5e27c08e5f2b27626dba184a8cf1ddeef238b5f1869030cb0af72867457
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 829c3c82d73201fcc4c39df2dc6c7f19e4b49c1675c6f74d3cd0a9c48058c6b7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3281677590030AABEF219FA4DC49FEE7BB9EF08704F184129FA15E62A0C7318955CB30
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D91114
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91120
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D9112F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91136
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D9114D
                                                                                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D90BCC
                                                                                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D90C00
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00D90C17
                                                                                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00D90C51
                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D90C6D
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00D90C84
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D90C8C
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00D90C93
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D90CB4
                                                                                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00D90CBB
                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D90CEA
                                                                                                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D90D0C
                                                                                                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D90D1E
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90D45
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D90D4C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90D55
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D90D5C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90D65
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D90D6C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00D90D78
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D90D7F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91193: GetProcessHeap.KERNEL32(00000008,00D90BB1,?,00000000,?,00D90BB1,?), ref: 00D911A1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D90BB1,?), ref: 00D911A8
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D90BB1,?), ref: 00D911B7
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 06e8f4873eac8dbaea2627b224fa99a4269db203fe48ec9695cc90de234315d1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9d48b2d423db71536cc8234af45eddb193557a5c3054d1fb651e8dd58ee1b155
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06e8f4873eac8dbaea2627b224fa99a4269db203fe48ec9695cc90de234315d1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6712976A0020AAFDF109FA5EC44FEEBBBCBF04314F184515EA19E6291D771A905CB70
APIs
• OpenClipboard.USER32(00DCCC08), ref: 00DAEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 00DAEB37
• GetClipboardData.USER32(0000000D), ref: 00DAEB43
• CloseClipboard.USER32 ref: 00DAEB4F
• GlobalLock.KERNEL32(00000000), ref: 00DAEB87
• CloseClipboard.USER32 ref: 00DAEB91
• GlobalUnlock.KERNEL32(00000000), ref: 00DAEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 00DAEBC9
• GetClipboardData.USER32(00000001), ref: 00DAEBD1
• GlobalLock.KERNEL32(00000000), ref: 00DAEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 00DAEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00DAEC38
• GetClipboardData.USER32(0000000F), ref: 00DAEC44
• GlobalLock.KERNEL32(00000000), ref: 00DAEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00DAEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00DAEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00DAECD2
• GlobalUnlock.KERNEL32(00000000), ref: 00DAECF3
• CountClipboardFormats.USER32 ref: 00DAED14
• CloseClipboard.USER32 ref: 00DAED59
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: a0cd016e25bd20af5bd12bf3254f306181518913759fa60b9d055e53da96d49f
• Instruction ID: 16170b850bfdfdd225957bf8500741791cba02e5993a9df66fbc3662422a69da
• Opcode Fuzzy Hash: a0cd016e25bd20af5bd12bf3254f306181518913759fa60b9d055e53da96d49f
• Instruction Fuzzy Hash: 2161BB34204302AFD700EF24D898F6AB7A4EF85714F18551DF59AD72A2DB71E906CBB2
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00DA69BE
• FindClose.KERNEL32(00000000), ref: 00DA6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DA6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00DA6A75
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00DA6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00DA6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 01306d46217d0765f94e6aef44e771887fb617323657865726c2901a14f6f6bd
• Instruction ID: 36747167d6c3f21823c9f0d5a3f9fa812b8d4e67f4f003bfd246435e31d9c294
• Opcode Fuzzy Hash: 01306d46217d0765f94e6aef44e771887fb617323657865726c2901a14f6f6bd
• Instruction Fuzzy Hash: A7D15FB2508300AFC714EBA4C995EABB7ECEF89704F04491DF589D6291EB74DA44CB72
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00DA9663
• GetFileAttributesW.KERNEL32(?), ref: 00DA96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 00DA96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 00DA96D3
• FindClose.KERNEL32(00000000), ref: 00DA96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 00DA96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DA974A
• SetCurrentDirectoryW.KERNEL32(00DF6B7C), ref: 00DA9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00DA9772
• FindClose.KERNEL32(00000000), ref: 00DA977F
• FindClose.KERNEL32(00000000), ref: 00DA978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1409584000-438819550
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00DA97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00DA9819
• FindClose.KERNEL32(00000000), ref: 00DA9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00DA9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DA9890
• SetCurrentDirectoryW.KERNEL32(00DF6B7C), ref: 00DA98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00DA98B8
• FindClose.KERNEL32(00000000), ref: 00DA98C5
• FindClose.KERNEL32(00000000), ref: 00DA98D5
  • Part of subcall function 00D9DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00D9DB00
Strings
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
APIs
  • Part of subcall function 00D33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D33A97,?,?,00D32E7F,?,?,?,00000000), ref: 00D33AC2
  • Part of subcall function 00D9E199: GetFileAttributesW.KERNEL32(?,00D9CF95), ref: 00D9E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00D9D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00D9D1DD
• MoveFileW.KERNEL32(?,?), ref: 00D9D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00D9D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00D9D237
  • Part of subcall function 00D9D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00D9D21C,?,?), ref: 00D9D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 00D9D253
• FindClose.KERNEL32(00000000), ref: 00D9D264
Strings
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
APIs
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2e0a1584ab8f5c67648f31d8758d9ebf2ce93d8dc75f3dc5dd516cc6a9586904
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5a8ba82be8a724f154bacf3b58d5d9b9c233bfa97c37e8e1eff3b9937cef0b19
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e0a1584ab8f5c67648f31d8758d9ebf2ce93d8dc75f3dc5dd516cc6a9586904
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA419A35204612AFE720DF15D888F19BBE1EF45329F18D499E4598B762C735ED42CBA0
APIs
  • Part of subcall function 00D916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D9170D
  • Part of subcall function 00D916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D9173A
  • Part of subcall function 00D916C3: GetLastError.KERNEL32 ref: 00D9174A
• ExitWindowsEx.USER32(?,00000000), ref: 00D9E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: bb28375fb786e962d6556001d20c922414c45c701cf43e30f17d15f48f127806
• Instruction ID: 21cf9b3fdcd29d0740efb8c9e92a806ee59e16e0db9e6d0f40e09ed11504ba52
• Opcode Fuzzy Hash: bb28375fb786e962d6556001d20c922414c45c701cf43e30f17d15f48f127806
• Instruction Fuzzy Hash: 5801D672A20312BFEF64A7B49C86FBB736CE714750F194521FD03E21D2D9A19C4089B4
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00DB1276
• WSAGetLastError.WSOCK32 ref: 00DB1283
• bind.WSOCK32(00000000,?,00000010), ref: 00DB12BA
• WSAGetLastError.WSOCK32 ref: 00DB12C5
• closesocket.WSOCK32(00000000), ref: 00DB12F4
• listen.WSOCK32(00000000,00000005), ref: 00DB1303
• WSAGetLastError.WSOCK32 ref: 00DB130D
• closesocket.WSOCK32(00000000), ref: 00DB133C
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 7bcb8f516045a6a0aeb57a5f58a43dd3ab0bf5786e69e48a53112fa139e6cdad
• Instruction ID: b1fdc2598abc43043ee07cee94025e8e4e6aa4f9bebbc0384fe8f472a46d72bb
• Opcode Fuzzy Hash: 7bcb8f516045a6a0aeb57a5f58a43dd3ab0bf5786e69e48a53112fa139e6cdad
• Instruction Fuzzy Hash: 14418D35A00201DFD710DF24C499B6ABBE5AF86318F588198E95A9F392C771ED81CBF1
APIs
  • Part of subcall function 00D33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D33A97,?,?,00D32E7F,?,?,?,00000000), ref: 00D33AC2
  • Part of subcall function 00D9E199: GetFileAttributesW.KERNEL32(?,00D9CF95), ref: 00D9E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00D9D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00D9D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00D9D481
• FindClose.KERNEL32(00000000), ref: 00D9D498
• FindClose.KERNEL32(00000000), ref: 00D9D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DA64DC
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00DA6639
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00DCFCF8,00000000,00000001,00DCFB68,?), ref: 00DA6650
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00DA68D4
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 00DB22E8
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DAE4EC: GetWindowRect.USER32(?,?), ref: 00DAE504
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DB2312
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00DB2319
                                                                                                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00DB2355
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00DB2381
                                                                                                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00DB23DF
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00DA9B78
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00DA9C8B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DA3874: GetInputState.USER32 ref: 00DA38CB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DA3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DA3966
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00DA9BA8
                                                                                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00DA9C75
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 00D49A4E
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00D49B23
                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00D49B36
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DB304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DB307A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DB304E: _wcslen.LIBCMT ref: 00DB309B
                                                                                                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00DB185D
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00DB1884
                                                                                                                                                                                                                                                                                                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00DB18DB
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00DB18E6
                                                                                                                                                                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000), ref: 00DB1915
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6BB7F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32 ref: 00D6BB91
                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,?,00E0121C,000000FF,?,0000003F,?,?), ref: 00D6BC09
                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,?,00E01270,000000FF,?,0000003F,?,?,?,00E0121C,000000FF,?,0000003F,?,?), ref: 00D6BC36
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 806657224-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 00DACE89
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00DACEEA
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 00DACEFE
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d521be3b0f17ec1a177fea3ccd696cb3868f46c3c105d1cf8e3a46f4955316cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7976f0c6fbfe2fb83b72d049b4c375c413f3079c4a002915198fdab59b1b9767
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d521be3b0f17ec1a177fea3ccd696cb3868f46c3c105d1cf8e3a46f4955316cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51218C71510306AFEB20DF65C948BA6B7F8EF51364F14542AEA46D2151EB70EE08CBB4
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00D982AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 832a023d185d7e87cac3f18e98dd1fdf1cd2c5937e770857dc4849e407fe9db3
• Instruction ID: ca9679e03419b9e76af35ef84a34b7f4f4f17e3152b7f1de9b30a1d2623ae797
• Opcode Fuzzy Hash: 832a023d185d7e87cac3f18e98dd1fdf1cd2c5937e770857dc4849e407fe9db3
• Instruction Fuzzy Hash: FF323475A007059FCB28CF59C481A6AB7F0FF48B10B15C56EE49ADB3A1EB70E941CB64
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00DA5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00DA5D17
• FindClose.KERNEL32(?), ref: 00DA5D5F
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: d427880267d6d72e42da52bf861e46f7fa8e25b6feea5ff78ffc53c96618a6b2
• Instruction ID: 2dceed95da14009436b15cf1d5af249c5e1d823792508add32f8faf18cf70340
• Opcode Fuzzy Hash: d427880267d6d72e42da52bf861e46f7fa8e25b6feea5ff78ffc53c96618a6b2
• Instruction Fuzzy Hash: 92518A75604A029FCB14CF28D494E96B7E4FF4A324F14855DE99A8B3A1CB30ED45CFA1
APIs
• IsDebuggerPresent.KERNEL32 ref: 00D6271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D62724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00D62731
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: cdf75f9771d09c484db87d1a6bf48dbb0c113768406a222dcf978891af901214
• Instruction ID: 9c24daa3bc80032c06a30c2651d4a03a21af93f54993cf99f0909a5bf7b01d84
• Opcode Fuzzy Hash: cdf75f9771d09c484db87d1a6bf48dbb0c113768406a222dcf978891af901214
• Instruction Fuzzy Hash: CD31C47491131DABCB21DF64DC88B98BBB8EF08310F5041EAE80CA6260E7309F858F64
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00DA51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00DA5238
• SetErrorMode.KERNEL32(00000000), ref: 00DA52A1
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 00D4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D50668
  • Part of subcall function 00D4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D50685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D9170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D9173A
• GetLastError.KERNEL32 ref: 00D9174A
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D9D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00D9D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D9D650
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00D9168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00D916A1
• FreeSid.ADVAPI32(?), ref: 00D916B1
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Variable is not of type 'Object'.$p#
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1086706999
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00DA6918
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00DA6961
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00D9A012
                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 00D9A07D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1724228437-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 21054fc17c40c6c1a24c6423dd25932d2fd39bdd0466cf0d6f686ca47d9ba1d4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9c64514132aae56dbc6463a9768d91fba2c00a29745835ea98860261fd6f2fe4
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21054fc17c40c6c1a24c6423dd25932d2fd39bdd0466cf0d6f686ca47d9ba1d4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20F0621751C3A615FF29877046147DE6FB49F032C0F0884C5C8C9AA042D2688B8C8B79
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00DB4891,?,?,00000035,?), ref: 00DA37E4
                                                                                                                                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00DB4891,?,?,00000035,?), ref: 00DA37F4
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6f17201ed4cf5383d99189305cc0d5755deebdd5331cdd478dfc1361e273cb5d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 263e5b1e2fda1e636a2c2d37e832f82ae83869c2db9e03e4736b1169b20e17fb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f17201ed4cf5383d99189305cc0d5755deebdd5331cdd478dfc1361e273cb5d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DF0E5B160432A2AE72057669C4DFEB7AAEEFC5761F000265F609D2291D9A09904C7B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,0000005B,0000001C,0000005B,?,00000000), ref: 00D9B25D
                                                                                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(00000000,00000000,?,00000000), ref: 00D9B270
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2f3b2ae847025d73b8c8afb7f41b52d9bf3e3890c551e54d29000630be5d39a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7e6d7a90388c74f9693b442b4ad1218dd75a93b213cdee0ab891bd845405a796
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f3b2ae847025d73b8c8afb7f41b52d9bf3e3890c551e54d29000630be5d39a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EF01D7181424EABDF059FA0D805BAE7BB4FF04315F04901AF955E6191C379D6119FA4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D911FC), ref: 00D910D4
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,00D911FC), ref: 00D910E9
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bdcc423dd10988b2dfcdcff050b17281aa92fd4338ad242cacb40651ad418190
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 45963c823f4870070e89e5ab03646ebf6417b5023fb225f01638753c61756c71
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdcc423dd10988b2dfcdcff050b17281aa92fd4338ad242cacb40651ad418190
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74E0BF72014752AFE7252B51FC05E7777A9FB04311B14882DF5AA805B1DB626C90EB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00D66766,?,?,00000008,?,?,00D6FEFE,00000000), ref: 00D66998
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • BlockInput.USER32(00000001), ref: 00DAEABD
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00D503EE), ref: 00D509DA
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0&
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-2523485602
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: de3c6e59982c3c77dfd2211f5934ab46644f033315a9221f1db35ffdbb93ab7a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fedc1ea6c4a6d06aae7e711af3d300879ab576027d804b46b1beaeaf20fbe2fc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de3c6e59982c3c77dfd2211f5934ab46644f033315a9221f1db35ffdbb93ab7a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A22C1B0A04609DFDF14CF64D881AAEB7F1FF44300F248529E85AA7295EB75E914CB71
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bb38d41a9b2e5416e6443b471c266680dd5842fb51ba17620043d59cbc638f89
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b9771c332408ae46b20d79299e84ce99752f46797f8d12b23780d0b1253d0052
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb38d41a9b2e5416e6443b471c266680dd5842fb51ba17620043d59cbc638f89
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B02B6B0E00205EBDB05DF54D881AAEB7B1FF48300F558169E85ADB291FB71EA14CBB5
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6dd8c47d6d1903430b7a1d29b1c355405ebcb19fdb82917f69d2b30187700194
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 709d92a20263910ff30ca00bbff8e5fb2fe22cd6d19c2c9a76547c5369ac54f0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6dd8c47d6d1903430b7a1d29b1c355405ebcb19fdb82917f69d2b30187700194
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F7B1F320D2AF414ED32396398931336B79CAFBB6D5F91D71BFC56B4E22EB2185834141
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2fa4c006f2134e808971414f34882008bbad156870879c446076f4ac1fac67fe
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 149155761080A349DF29463A857567DFEF15A523A371E079EECF2CA1C1EE14C95CDA30
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f5f9229085d204cc7f62e4dfe39b33a68177bc8a17b46b1804eb9ff01cd48c9e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B91407A2090A34ADF2A467A857423DFEE15A923A371E0799DCF2CA1C1FA14C55DDA30
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
APIs
• DeleteObject.GDI32(00000000), ref: 00DB2B30
• DeleteObject.GDI32(00000000), ref: 00DB2B43
• DestroyWindow.USER32 ref: 00DB2B52
• GetDesktopWindow.USER32 ref: 00DB2B6D
• GetWindowRect.USER32(00000000), ref: 00DB2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00DB2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00DB2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2CF8
• GetClientRect.USER32(00000000,?), ref: 00DB2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00DB2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2D80
• GlobalLock.KERNEL32(00000000), ref: 00DB2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2D98
• GlobalUnlock.KERNEL32(00000000), ref: 00DB2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2DA8
• GlobalFree.KERNEL32(00000000), ref: 00DB2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00DCFC38,00000000), ref: 00DB2DDB
• GlobalFree.KERNEL32(00000000), ref: 00DB2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00DB2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00DB2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DB303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fe2f8fdad03b8ef2d903c874ac4999f4be0dfc1c9338121790cb7a5f77514e19
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f4834e41df39e32dd229f821a114a834eedbaf54796c178e3324e1dc2d12e5dc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe2f8fdad03b8ef2d903c874ac4999f4be0dfc1c9338121790cb7a5f77514e19
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED025C72910206EFDB14DF65CD89EAE7BB9EF48710F048158F919AB2A1CB74AD05CB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00DC712F
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00DC7160
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00DC716C
                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00DC7186
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00DC7195
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00DC71C0
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 00DC71C8
                                                                                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00DC71CF
                                                                                                                                                                                                                                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00DC71DE
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00DC71E5
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00DC7230
                                                                                                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 00DC7262
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00DC7284
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: GetSysColor.USER32(00000012), ref: 00DC7421
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: SetTextColor.GDI32(?,?), ref: 00DC7425
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: GetSysColorBrush.USER32(0000000F), ref: 00DC743B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: GetSysColor.USER32(0000000F), ref: 00DC7446
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: GetSysColor.USER32(00000011), ref: 00DC7463
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DC7471
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: SelectObject.GDI32(?,00000000), ref: 00DC7482
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: SetBkColor.GDI32(?,00000000), ref: 00DC748B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: SelectObject.GDI32(?,?), ref: 00DC7498
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00DC74B7
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DC74CE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DC73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00DC74DB
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3375e9565c0c508875a491738a398f0f4e8499ea4c81e62531711edff8f486e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 788297f9ebc4456e39842eba88cda2a8637d18928181aa0c3a0e9c0738cfc67b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3375e9565c0c508875a491738a398f0f4e8499ea4c81e62531711edff8f486e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FA18D72418303AFDB019F60DC48F5ABBA9FB49320F141A19FAA6D62E1D731E9448F61
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?), ref: 00D48E14
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00D86AC5
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00D86AFE
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00D86F43
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D48BE8,?,00000000,?,?,?,?,00D48BBA,00000000,?), ref: 00D48FC5
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053), ref: 00D86F7F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00D86F96
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D86FAC
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D86FB7
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d16492a0327f9a5524b1eff01b6a51c232591f2240f62141145378da5266c255
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d31e19397c5acdff152b69988e4782c568d907d73313faad0207dc897838fd12
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d16492a0327f9a5524b1eff01b6a51c232591f2240f62141145378da5266c255
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91129E30600202DFDB25EF14C844BA9B7E5FB44321F588469F589DB261CB32EC92DB71
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00DB273E
                                                                                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00DB286A
                                                                                                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00DB28A9
                                                                                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00DB28B9
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00DB2900
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00DB290C
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00DB2955
                                                                                                                                                                                                                                                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00DB2964
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00DB2974
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00DB2978
                                                                                                                                                                                                                                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00DB2988
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DB2991
                                                                                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00DB299A
                                                                                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00DB29C6
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00DB29DD
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00DB2A1D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00DB2A31
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00DB2A42
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00DB2A77
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00DB2A82
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00DB2A8D
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00DB2A97
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2bfe883b48209278c93a0e7d840d496734fd872e37ab0a099a7511c7f66f7d96
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fc5f28a0b950034ae24e84c90ad0829028a5819bd79291893f3b3902e64f0285
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2bfe883b48209278c93a0e7d840d496734fd872e37ab0a099a7511c7f66f7d96
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5B16D72A50306AFEB14DF69CC49FAE7BA9EB08710F048155FA15EB290D774ED40CBA4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00DA4AED
                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,00DCCB68,?,\\.\,00DCCC08), ref: 00DA4BCA
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00DCCB68,?,\\.\,00DCCC08), ref: 00DA4D36
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00DC7421
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00DC7425
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00DC743B
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00DC7446
                                                                                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 00DC744B
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00DC7463
                                                                                                                                                                                                                                                                                                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DC7471
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00DC7482
                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00DC748B
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00DC7498
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00DC74B7
                                                                                                                                                                                                                                                                                                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DC74CE
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00DC74DB
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DC752A
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00DC7554
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00DC7572
                                                                                                                                                                                                                                                                                                                                                                        • DrawFocusRect.USER32(?,?), ref: 00DC757D
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000011), ref: 00DC758E
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00DC7596
                                                                                                                                                                                                                                                                                                                                                                        • DrawTextW.USER32(?,00DC70F5,000000FF,?,00000000), ref: 00DC75A8
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00DC75BF
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00DC75CA
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00DC75D0
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00DC75D5
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00DC75DB
                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00DC75E5
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00DC1128
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DC113D
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00DC1144
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00DC1199
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00DC11B9
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DC11ED
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DC120B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DC121D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,?), ref: 00DC1232
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00DC1245
                                                                                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(00000000), ref: 00DC12A1
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00DC12BC
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00DC12D0
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00DC12E8
                                                                                                                                                                                                                                                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00DC130E
                                                                                                                                                                                                                                                                                                                                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00DC1328
                                                                                                                                                                                                                                                                                                                                                                        • CopyRect.USER32(?,?), ref: 00DC133F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 00DC13AA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 163e661145697ffc02f028c9ee835b8af5179a3cedae4a2a45aca257b492a084
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4a5d1b5b00355430b3d36ecbd0e77e7361c57ae003d9aaf21e89127896e55ed5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 163e661145697ffc02f028c9ee835b8af5179a3cedae4a2a45aca257b492a084
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7B19A75604352AFDB00DF64C885F6ABBE4FF85314F04891CF9999B2A2C731E845CBA1
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D48968
• GetSystemMetrics.USER32(00000007), ref: 00D48970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D4899B
• GetSystemMetrics.USER32(00000008), ref: 00D489A3
• GetSystemMetrics.USER32(00000004), ref: 00D489C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00D489E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00D489F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00D48A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00D48A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00D48A5A
• GetStockObject.GDI32(00000011), ref: 00D48A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00D48A81
  • Part of subcall function 00D4912D: GetCursorPos.USER32(?), ref: 00D49141
  • Part of subcall function 00D4912D: ScreenToClient.USER32(00000000,?), ref: 00D4915E
  • Part of subcall function 00D4912D: GetAsyncKeyState.USER32(00000001), ref: 00D49183
  • Part of subcall function 00D4912D: GetAsyncKeyState.USER32(00000002), ref: 00D4919D
• SetTimer.USER32(00000000,00000000,00000028,00D490FC), ref: 00D48AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 49a1b33305b7dbf3208a1c6cef14d618d0cb3f194d5212c58843101bf7f6f604
• Instruction ID: 256c8e4291b1ef9971070c28630717652200328e23a1bc7816c4731ce4682cdf
• Opcode Fuzzy Hash: 49a1b33305b7dbf3208a1c6cef14d618d0cb3f194d5212c58843101bf7f6f604
• Instruction Fuzzy Hash: 3BB16A71A0020A9FDB14DFA8DD45BAE7BB5FB48314F144229FA19EB290DB70E941CF61
APIs
  • Part of subcall function 00D910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D91114
  • Part of subcall function 00D910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91120
  • Part of subcall function 00D910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D9112F
  • Part of subcall function 00D910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91136
  • Part of subcall function 00D910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D9114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D90DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D90E29
• GetLengthSid.ADVAPI32(?), ref: 00D90E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00D90E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D90E96
• GetLengthSid.ADVAPI32(?), ref: 00D90EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D90EB5
• HeapAlloc.KERNEL32(00000000), ref: 00D90EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D90EDD
• CopySid.ADVAPI32(00000000), ref: 00D90EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D90F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D90F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D90F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90F6E
• HeapFree.KERNEL32(00000000), ref: 00D90F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90F7E
• HeapFree.KERNEL32(00000000), ref: 00D90F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D90F8E
• HeapFree.KERNEL32(00000000), ref: 00D90F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00D90FA1
• HeapFree.KERNEL32(00000000), ref: 00D90FA8
  • Part of subcall function 00D91193: GetProcessHeap.KERNEL32(00000008,00D90BB1,?,00000000,?,00D90BB1,?), ref: 00D911A1
  • Part of subcall function 00D91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D90BB1,?), ref: 00D911A8
  • Part of subcall function 00D91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D90BB1,?), ref: 00D911B7
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 661d8c1304debeaafc7d042089c64ea6a8856af9866ace742e9bb7d5fae47aa7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c41b32991a4792b8031e7604b44dfdb9f5f8927eb9b1c254bfa631b2e386c9a0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 661d8c1304debeaafc7d042089c64ea6a8856af9866ace742e9bb7d5fae47aa7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED711972A0420AAFDF209FA5EC45FAEBBB8EF05311F184115FA19E6291D7719A05CB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DBC4BD
                                                                                                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00DCCC08,00000000,?,00000000,?,?), ref: 00DBC544
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00DBC5A4
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBC5F4
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DBC66F
                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00DBC6B2
                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00DBC7C1
                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00DBC84D
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00DBC881
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00DBC88E
                                                                                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00DBC960
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b3d7f8605f10f2ee4002e00a8d7d44bd27193337e9add3051f50cb88c843e60d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 18aeba9722390f33be1ae373749a27dc5e441811ebd8f2074827af6821c52e69
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3d7f8605f10f2ee4002e00a8d7d44bd27193337e9add3051f50cb88c843e60d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C126775614201DFDB24DF14C881A6AB7E5FF88714F08885DF88A9B3A2DB31ED41CBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00DC09C6
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC0A01
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DC0A54
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC0A8A
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC0B06
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC0B81
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D4F9F2: _wcslen.LIBCMT ref: 00D4F9FD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D92BFA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC835A
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC836E
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC8391
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC83B4
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00DC83F2
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00DC361A,?), ref: 00DC844E
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DC8487
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00DC84CA
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DC8501
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00DC850D
                                                                                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00DC851D
                                                                                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(?), ref: 00DC852C
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00DC8549
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00DC8555
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00D95A2E
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D95A40
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00D95A57
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00D95A6C
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00D95A72
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00D95A82
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00D95A88
                                                                                                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00D95AA9
                                                                                                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00D95AC3
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D95ACC
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D95B33
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00D95B6F
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00D95B75
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00D95B7C
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00D95BD3
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00D95BE0
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 00D95C05
                                                                                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00D95C2F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 78dce74b346536a6ff319de211ed136b67ac65e73a9c47b535a13e9bedfaa9e8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 83f0d4fa03c4ea0da7d1180babbb47eec550d2e3ba5903ea416deb8213c557a1
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78dce74b346536a6ff319de211ed136b67ac65e73a9c47b535a13e9bedfaa9e8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74717D31900B06AFDB21DFA8DE85F6EBBF5FF48704F144528E586A26A4D775E940CB20
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00D500C6
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00E0070C,00000FA0,33C7C7DD,?,?,?,?,00D723B3,000000FF), ref: 00D5011C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00D723B3,000000FF), ref: 00D50127
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00D723B3,000000FF), ref: 00D50138
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00D5014E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D5015C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D5016A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D50195
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D501A0
                                                                                                                                                                                                                                                                                                                                                                        • ___scrt_fastfail.LIBCMT ref: 00D500E7
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500A3: __onexit.LIBCMT ref: 00D500A9
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D50122
                                                                                                                                                                                                                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00D50154
                                                                                                                                                                                                                                                                                                                                                                        • kernel32.dll, xrefs: 00D50133
                                                                                                                                                                                                                                                                                                                                                                        • InitializeConditionVariable, xrefs: 00D50148
                                                                                                                                                                                                                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00D50162
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2a38a90143adf639d39f80469e9b22483e0f15769fd3e7c80341d0d9eff01336
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5d42543706a687089aa27270d68ad3fd4e925c67e445da85dd4c6bac0258a44b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a38a90143adf639d39f80469e9b22483e0f15769fd3e7c80341d0d9eff01336
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7212E32A447136FDB116B65AC05F6A3B94DB04B62F18013AFD05E33D1DFB49C088AB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: 7d9edbf8a742fc3ebf34719f16cd19bab15adcbf6565f70561434467120d0e87
• Instruction ID: b6b80173fe87ee00fab2fe2e74876829a95c606689bf0352fc40ca6373910da8
• Opcode Fuzzy Hash: 7d9edbf8a742fc3ebf34719f16cd19bab15adcbf6565f70561434467120d0e87
• Instruction Fuzzy Hash: 3CE19531A00616ABCF189FA8C4517FEBBB4FF54710F598119E956B7250DB30AE898BB0
APIs
• CharLowerBuffW.USER32(00000000,00000000,00DCCC08), ref: 00DA4527
• _wcslen.LIBCMT ref: 00DA453B
• _wcslen.LIBCMT ref: 00DA4599
• _wcslen.LIBCMT ref: 00DA45F4
• _wcslen.LIBCMT ref: 00DA463F
• _wcslen.LIBCMT ref: 00DA46A7
  • Part of subcall function 00D4F9F2: _wcslen.LIBCMT ref: 00D4F9FD
• GetDriveTypeW.KERNEL32(?,00DF6BF0,00000061), ref: 00DA4743
Strings
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: acdb7dd506cc914342bed8e30e04404b9a7e51e5fe0b7d3dc2d6e284429c9fa0
• Instruction ID: a8e5c984be640d596aaa2c44a6ec93e4e2c0a7511fd8066a0866e2e86811a4d6
• Opcode Fuzzy Hash: acdb7dd506cc914342bed8e30e04404b9a7e51e5fe0b7d3dc2d6e284429c9fa0
• Instruction Fuzzy Hash: 1FB1EF716083029FC710DF28C891A6AB7E5EFE6720F58891DF596C7291E7B0D844CBB2
APIs
  • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
• DragQueryPoint.SHELL32(?,?), ref: 00DC9147
  • Part of subcall function 00DC7674: ClientToScreen.USER32(?,?), ref: 00DC769A
  • Part of subcall function 00DC7674: GetWindowRect.USER32(?,?), ref: 00DC7710
  • Part of subcall function 00DC7674: PtInRect.USER32(?,?,00DC8B89), ref: 00DC7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 00DC91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00DC91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00DC91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00DC9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 00DC923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00DC9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00DC9277
• DragFinish.SHELL32(?), ref: 00DC927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00DC9371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#
• API String ID: 221274066-136824727
• Opcode ID: d380dc3a24fa6bdd9f9e2b6bed6c77ab099dfefc8e83ec7c9f23d7442d418bb8
• Instruction ID: 023d1941b9ecc52bcd7b74c0c2455a229cb9e252cbda4916bcb22837a5025b5c
• Opcode Fuzzy Hash: d380dc3a24fa6bdd9f9e2b6bed6c77ab099dfefc8e83ec7c9f23d7442d418bb8
• Instruction Fuzzy Hash: 03615A71108302AFC701DF54DC99EABBBE8EF88750F40491DF695932A0DB709A49CB72
APIs
• GetMenuItemCount.USER32(00E01990), ref: 00D72F8D
• GetMenuItemCount.USER32(00E01990), ref: 00D7303D
• GetCursorPos.USER32(?), ref: 00D73081
• SetForegroundWindow.USER32(00000000), ref: 00D7308A
• TrackPopupMenuEx.USER32(00E01990,00000000,?,00000000,00000000,00000000), ref: 00D7309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00D730A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 508505b5cf636df6408516843b7673e02caaeb6c3f2782eca0f132cbc62ad392
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d17645cfd64049dc2aaa620c439dec9d57f9241235d701314771e9c553e3d3ad
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 508505b5cf636df6408516843b7673e02caaeb6c3f2782eca0f132cbc62ad392
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB712930644246BFEB218F65CD49FAAFF64FF04364F248216F618AA1E0D7B1A910DB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 00DC6DEB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00DC6E5F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00DC6E81
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DC6E94
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00DC6EB5
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00D30000,00000000), ref: 00DC6EE4
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DC6EFD
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00DC6F16
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00DC6F1D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DC6F35
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00DC6F4D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49944: GetWindowLongW.USER32(?,000000EB), ref: 00D49952
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 450096d62d4ebdc229a21917daca854c9c09ffb84b3887d2c02835a1a8206498
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d3cf1225a7d2b37b25621bdcd5eba6035e823cc54e0bd7529240a4eec8540f4c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 450096d62d4ebdc229a21917daca854c9c09ffb84b3887d2c02835a1a8206498
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58716770144346AFDB21CF18D844FAABBE9EF88304F58441EFA8997261D771E94ADB21
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DAC4B0
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00DAC4C3
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00DAC4D7
                                                                                                                                                                                                                                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00DAC4F0
                                                                                                                                                                                                                                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00DAC533
                                                                                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00DAC549
                                                                                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DAC554
                                                                                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00DAC584
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00DAC5DC
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00DAC5F0
                                                                                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00DAC5FB
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00DC8592
                                                                                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 00DC85A2
                                                                                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00DC85AD
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DC85BA
                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00DC85C8
                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00DC85D7
                                                                                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00DC85E0
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DC85E7
                                                                                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00DC85F8
                                                                                                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00DCFC38,?), ref: 00DC8611
                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00DC8621
                                                                                                                                                                                                                                                                                                                                                                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 00DC8641
                                                                                                                                                                                                                                                                                                                                                                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00DC8671
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00DC8699
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00DC86AF
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00DA1502
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00DA150B
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00DA1517
                                                                                                                                                                                                                                                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00DA15FB
                                                                                                                                                                                                                                                                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00DA1657
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00DA1708
                                                                                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00DA178C
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00DA17D8
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00DA17E7
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00DA1823
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DBB6AE,?,?), ref: 00DBC9B5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBC9F1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA68
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA9E
                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DBB6F4
                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DBB772
                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 00DBB80A
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00DBB87E
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00DBB89C
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00DBB8F2
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DBB904
                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00DBB922
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00DBB983
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00DBB994
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 846d7e12eee7f5b2ff3f68729d198ffc66fc998f2cd79656e4a0db2c78ee0af9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7c1a150435c72a899b28ef73cd39e192e80f204bf3c07acab9eaa218a0157f73
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 846d7e12eee7f5b2ff3f68729d198ffc66fc998f2cd79656e4a0db2c78ee0af9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDC16B34208202EFD714DF14C494F6ABBE5FF84318F18845DE59A8B2A2CBB1ED45CBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00DB25D8
                                                                                                                                                                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00DB25E8
                                                                                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00DB25F4
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00DB2601
                                                                                                                                                                                                                                                                                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00DB266D
                                                                                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00DB26AC
                                                                                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00DB26D0
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00DB26D8
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00DB26E1
                                                                                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00DB26E8
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00DB26F3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1ed263c80adbacbe5f88e30e7941d212dc5251a17bcc81dd06d3a7c8bf9d2099
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 34569cf90a0cd3ba6ac9316f27fbe346ed26ba7b45ee520a6af6163849ae34f3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ed263c80adbacbe5f88e30e7941d212dc5251a17bcc81dd06d3a7c8bf9d2099
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1161D276D0021AEFCF15CFA4D884EAEBBB5FF48310F248529E55AA7250D770A941CF60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 00D6DAA1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D659
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D66B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D67D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D68F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6A1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6B3
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6C5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6D7
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6E9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D6FB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D70D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D71F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D63C: _free.LIBCMT ref: 00D6D731
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DA96
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DAB8
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DACD
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DAD8
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DAFA
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB0D
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB1B
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB26
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB5E
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB65
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB82
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6DB9A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6a986a3c7590bfec8b351d89f3b7d9959d166097ad1bfe47f13a0b2d3f10a066
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7310188cf8e35b5c1ca4495f1476cd564eecf131962b7a758791ab67b62fea25
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a986a3c7590bfec8b351d89f3b7d9959d166097ad1bfe47f13a0b2d3f10a066
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2317C31B447049FEB25AA79E845B6A77EAFF50350F19441AE449D7195DF30EC40CB30
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00D9369C
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D936A7
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00D93797
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00D9380C
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00D9385D
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D93882
                                                                                                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00D938A0
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(00000000), ref: 00D938A7
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00D93921
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00D9395D
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a5ef71435be1ddb1eed47ca61edf506a9be8558c1961fd4b38b18c53c59fd78c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4c07d999b33f16709433feec807dcbaf5db2e6a14b1a9ea75e1962fb8568a08b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5ef71435be1ddb1eed47ca61edf506a9be8558c1961fd4b38b18c53c59fd78c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8191AF71204706AFDB19DF64C885FAAF7A8FF44350F048629F999D2190DB30EA59CBB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00D94994
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00D949DA
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D949EB
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00D949F7
                                                                                                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 00D94A2C
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00D94A64
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00D94A9D
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00D94AE6
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00D94B20
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D94B8B
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DBCC64
                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00DBCC8D
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DBCD48
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00DBCCAA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00DBCCBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DBCCCF
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DBCD05
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DBCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DBCD28
                                                                                                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00DBCCF3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00DA3D40
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DA3D6D
                                                                                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00DA3D9D
                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00DA3DBE
                                                                                                                                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00DA3DCE
                                                                                                                                                                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00DA3E55
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DA3E60
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DA3E6B
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00D9E6B4
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D4E551: timeGetTime.WINMM(?,?,00D9E6D4), ref: 00D4E555
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00D9E6E1
                                                                                                                                                                                                                                                                                                                                                                        • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00D9E705
                                                                                                                                                                                                                                                                                                                                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00D9E727
                                                                                                                                                                                                                                                                                                                                                                        • SetActiveWindow.USER32 ref: 00D9E746
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00D9E754
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00D9E773
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(000000FA), ref: 00D9E77E
                                                                                                                                                                                                                                                                                                                                                                        • IsWindow.USER32 ref: 00D9E78A
                                                                                                                                                                                                                                                                                                                                                                        • EndDialog.USER32(00000000), ref: 00D9E79B
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                        • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00D9EA5D
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00D9EA73
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D9EA84
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00D9EA96
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00D9EAA7
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00D95CE2
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D95CFB
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00D95D59
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00D95D69
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D95D7B
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00D95DCF
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00D95DDD
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D95DEF
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00D95E31
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00D95E44
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00D95E5A
                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00D95E67
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D48BE8,?,00000000,?,?,?,?,00D48BBA,00000000,?), ref: 00D48FC5
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00D48C81
                                                                                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(00000000,?,?,?,?,00D48BBA,00000000,?), ref: 00D48D1B
                                                                                                                                                                                                                                                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00D86973
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00D48BBA,00000000,?), ref: 00D869A1
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00D48BBA,00000000,?), ref: 00D869B8
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00D48BBA,00000000), ref: 00D869D4
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00D869E6
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49944: GetWindowLongW.USER32(?,000000EB), ref: 00D49952
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00D49862
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00D7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00D99717
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00D7F7F8,00000001), ref: 00D99720
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00D7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00D99742
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00D7F7F8,00000001), ref: 00D99745
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00D99866
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 747408836-2268648507
APIs
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00D907A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00D907BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00D907DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00D90804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00D9082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D90837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D9083C
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
APIs
• VariantInit.OLEAUT32(?), ref: 00DB3C5C
• CoInitialize.OLE32(00000000), ref: 00DB3C8A
• CoUninitialize.OLE32 ref: 00DB3C94
• _wcslen.LIBCMT ref: 00DB3D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00DB3DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00DB3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00DB3F0E
• CoGetObject.OLE32(?,00000000,00DCFB98,?), ref: 00DB3F2D
• SetErrorMode.KERNEL32(00000000), ref: 00DB3F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00DB3FC4
• VariantClear.OLEAUT32(?), ref: 00DB3FD8
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
APIs
• CoInitialize.OLE32(00000000), ref: 00DA7AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00DA7B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00DA7BA3
• CoCreateInstance.OLE32(00DCFD08,00000000,00000001,00DF6E6C,?), ref: 00DA7BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00DA7C74
• CoTaskMemFree.OLE32(?,?), ref: 00DA7CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00DA7D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00DA7D7A
• CoTaskMemFree.OLE32(00000000), ref: 00DA7D81
• CoTaskMemFree.OLE32(00000000), ref: 00DA7DD6
• CoUninitialize.OLE32 ref: 00DA7DDC
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b070a7f9604689562d74db77dfb04a0f926d3e4964355faf734b9b09d74a33e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 54c29205ed932001984cc22ef57056f450f91a398424c40f0b855b548c8b400a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b070a7f9604689562d74db77dfb04a0f926d3e4964355faf734b9b09d74a33e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15C10975A04209AFCB14DF64C884DAEBBB9FF49314B148499E91ADB361D730EE45CBA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00DC5504
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DC5515
                                                                                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000158), ref: 00DC5544
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00DC5585
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00DC559B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DC55AC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3563e5818f5bae37f05f235e4c0e05c96e680fb5078c1b9d5e5fa0fd001f4f05
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 81e305135d300a7520eaf550b1ebba6861098f30c7c7787f1e1334190bc5396d
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3563e5818f5bae37f05f235e4c0e05c96e680fb5078c1b9d5e5fa0fd001f4f05
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B617D3190460AEBDF108F54EC84EFE7BB9EB09720F144149F665AB2A5D770AAC1DB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00D8FAAF
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00D8FB08
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00D8FB1A
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00D8FB3A
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00D8FB8D
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00D8FBA1
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00D8FBB6
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00D8FBC3
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D8FBCC
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00D8FBDE
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D8FBE9
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a4ff2e1bd8b4ef89c503dfda8acdc769333d9b8786da69e6edb4d5343f8fcaaf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 26951536bd7ac857c4c021d8ea08adca42edd181c909d932744872181f620d4d
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4ff2e1bd8b4ef89c503dfda8acdc769333d9b8786da69e6edb4d5343f8fcaaf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE413035A1421AAFCB04EF64C854DADBBB9EF48354F048065E959E7261D730B945CFB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 00D99CA1
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00D99D22
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00D99D3D
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00D99D57
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00D99D6C
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00D99D84
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 00D99D96
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00D99DAE
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 00D99DC0
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00D99DD8
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00D99DEA
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00DB05BC
                                                                                                                                                                                                                                                                                                                                                                        • inet_addr.WSOCK32(?), ref: 00DB061C
                                                                                                                                                                                                                                                                                                                                                                        • gethostbyname.WSOCK32(?), ref: 00DB0628
                                                                                                                                                                                                                                                                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 00DB0636
                                                                                                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00DB06C6
                                                                                                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00DB06E5
                                                                                                                                                                                                                                                                                                                                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 00DB07B9
                                                                                                                                                                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 00DB07BF
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32 ref: 00DB3774
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00DB377F
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00DCFB78,?), ref: 00DB37D9
                                                                                                                                                                                                                                                                                                                                                                        • IIDFromString.OLE32(?,?), ref: 00DB384C
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00DB38E4
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00DB3936
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00DA8257
                                                                                                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00DA8267
                                                                                                                                                                                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DA8273
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DA8310
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00DA8324
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00DA8356
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00DA838C
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00DA8395
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00DA33CF
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00DA33F0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00DA53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00DA5416
• GetLastError.KERNEL32 ref: 00DA5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 00DA54A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
APIs
• CreateMenu.USER32 ref: 00DC3C79
• SetMenu.USER32(?,00000000), ref: 00DC3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DC3D10
• IsMenu.USER32(?), ref: 00DC3D24
• CreatePopupMenu.USER32 ref: 00DC3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DC3D5B
• DrawMenuBar.USER32 ref: 00DC3D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00D91F64
• GetDlgCtrlID.USER32 ref: 00D91F6F
• GetParent.USER32 ref: 00D91F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00D91F8E
• GetDlgCtrlID.USER32(?), ref: 00D91F97
• GetParent.USER32(?), ref: 00D91FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00D91FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00DC3A9D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00DC3AA0
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00DC3AC7
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DC3AEA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00DC3B62
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00DC3BAC
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00DC3BC7
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00DC3BE2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00DC3BF6
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00DC3C13
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3d1eeee11549ad869f5651fa13bc10203b20790b9d481f97f9515e6d69a1df22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3c106dd66d32eacd6463fe82d50da75a0a6258e9dca70f4e0f5931b3da97f6f3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d1eeee11549ad869f5651fa13bc10203b20790b9d481f97f9515e6d69a1df22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87617B75900209AFDB10DFA8CD81FEE77B8EB49700F144199FA15EB2A1D770AE85DB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D9B151
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B165
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 00D9B16C
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B17B
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D9B18D
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B1A6
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B1B8
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B1FD
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B212
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00D9A1E1,?,00000001), ref: 00D9B21D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2cfb7dc4d31beff60f4b741b35c331da35f4874b3cfb9999e8f7d4670265e96d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6574b5f55a76ececb1ff8b9cef0bc9ff88d3036b63b9801096d3d45b5fcf9a39
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cfb7dc4d31beff60f4b741b35c331da35f4874b3cfb9999e8f7d4670265e96d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8731CE71650305AFDF109FA5EE48F6D7BAEEB10321F155006FA04E62A0C7B0AA858F34
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62C94
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CA0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CAB
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CB6
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CC1
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CCC
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CD7
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CE2
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CED
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62CFB
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: fa4bd243db98be75660d104545fb2528362f7165dcd8ab305aa61d460154ba52
• Instruction ID: 2645a25f995776d91de216875c6ee06e35f23447bceed80dff065e649d4f8f5b
• Opcode Fuzzy Hash: fa4bd243db98be75660d104545fb2528362f7165dcd8ab305aa61d460154ba52
• Instruction Fuzzy Hash: 74119376640508BFCB06EF54D882CED3BA5FF45390F4144A6FA489B222DB31EA509FB0
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DA7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DA7FC1
• GetFileAttributesW.KERNEL32(?), ref: 00DA7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00DA8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DA8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DA8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00DA80B0
Strings
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 429e6daefcbe5c06383a90d5fd98a8f2f9ce4af85c9a939401ff97c4a9da4a51
• Instruction ID: 1584689dd475c96745360efa93b4d7cea7c5fb95c350f98ce67471efe0b2176b
• Opcode Fuzzy Hash: 429e6daefcbe5c06383a90d5fd98a8f2f9ce4af85c9a939401ff97c4a9da4a51
• Instruction Fuzzy Hash: CA8180725083469BCB24DF14C8549AAB3E8FF86314F184C5EF885D7251EB35DE498B72
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00D35C7A
  • Part of subcall function 00D35D0A: GetClientRect.USER32(?,?), ref: 00D35D30
  • Part of subcall function 00D35D0A: GetWindowRect.USER32(?,?), ref: 00D35D71
  • Part of subcall function 00D35D0A: ScreenToClient.USER32(?,?), ref: 00D35D99
• GetDC.USER32 ref: 00D746F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00D74708
• SelectObject.GDI32(00000000,00000000), ref: 00D74716
• SelectObject.GDI32(00000000,00000000), ref: 00D7472B
• ReleaseDC.USER32(?,00000000), ref: 00D74733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00D747C4
Strings
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: bef4d3dd663e405576cad8712b9f15609237bb4316d871a3783f07ba8ed2ea84
• Instruction ID: 28c0de714c90962a12872fbd92b35552196a213212dfc41bce69f02ac4fc9947
• Opcode Fuzzy Hash: bef4d3dd663e405576cad8712b9f15609237bb4316d871a3783f07ba8ed2ea84
• Instruction Fuzzy Hash: 2771C331400205DFCF268F64C984AFA7BB5FF46354F188269E9995A26AD731D841DFB0
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00DA35E4
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
• LoadStringW.USER32(00E02390,?,00000FFF,?), ref: 00DA360A
Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b65e6e2571570e4bec196419a2d75560bdf36194edcc131ac717630534739ba0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8719053aa376a117f6828fff84ded2c5c1bad3be660acfe6143d84c758a87f7b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b65e6e2571570e4bec196419a2d75560bdf36194edcc131ac717630534739ba0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62515D7180020ABBDF15EBA4CD52EEEBB79EF05300F145165F205721A1EB715A99DFB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DAC272
                                                                                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00DAC29A
                                                                                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00DAC2CA
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00DAC322
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00DAC336
                                                                                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00DAC341
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f82f7153cef4bfc4d4268f850ba199c0070269a251e18316a4327fe525aff6c6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6270b10b671975a8d280393ee9e781ad3315321284bb2b06bdbb8c08b755d8e8
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f82f7153cef4bfc4d4268f850ba199c0070269a251e18316a4327fe525aff6c6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9319171510305AFDB219F648C88E6B7BFCEB4A750F14951DF48AD2250DB34DD059B74
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00D73AAF,?,?,Bad directive syntax error,00DCCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00D998BC
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00D73AAF,?), ref: 00D998C3
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00D99987
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f8c85caddde0cd82ca0e5305951903ed24ef358047577c8b1cc883ef68934f8f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 81cdaf50f29e54c6685ff0ec34d0244a037708098ad9dcafade058667cd799cd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8c85caddde0cd82ca0e5305951903ed24ef358047577c8b1cc883ef68934f8f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69215E3184421EBBCF15AF94CC16EEEB775FF18300F049459F619660A2EB719618DB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 00D920AB
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00D920C0
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00D9214D
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00DC5186
• ShowWindow.USER32(?,00000000), ref: 00DC51C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 00DC51CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 00DC51D1
  • Part of subcall function 00DC6FBA: DeleteObject.GDI32(00000000), ref: 00DC6FE6
• GetWindowLongW.USER32(?,000000F0), ref: 00DC520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DC521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00DC524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00DC5287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00DC5296
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00D86890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00D868A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00D868B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00D868D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00D868F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D48874,00000000,00000000,00000000,000000FF,00000000), ref: 00D86901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00D8691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D48874,00000000,00000000,00000000,000000FF,00000000), ref: 00D8692D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: cfef7c794609a5d7aee8854bab21001c3fd521b6faad17e047dc94e0963c481d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d7e4864ee3a35a2d2439c9253136de2d28cd4957758782f64884ac3e8dc1aa82
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfef7c794609a5d7aee8854bab21001c3fd521b6faad17e047dc94e0963c481d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04516970A0020AEFDB20DF25CC95FAA7BB5EB48760F144518F956A72E0DB71E990DB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00DAC182
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00DAC195
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00DAC1A9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DAC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00DAC272
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DAC253: GetLastError.KERNEL32 ref: 00DAC322
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DAC253: SetEvent.KERNEL32(?), ref: 00DAC336
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DAC253: InternetCloseHandle.WININET(00000000), ref: 00DAC341
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ebe80fb9986ea4bf3205b1b8176f85fd2bc7cafc1e6b652694c5ea7850d4ba5c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 04ed7262c282d9eca7bd14284f9a2a968a6a734385cae9084718b00858da57ce
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebe80fb9986ea4bf3205b1b8176f85fd2bc7cafc1e6b652694c5ea7850d4ba5c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B31AE71221706AFDB219FA5DD04B66BBF8FF1A320B04641DFA5AC6610D731E810DBB4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D93A57
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: GetCurrentThreadId.KERNEL32 ref: 00D93A5E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D925B3), ref: 00D93A65
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D925BD
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00D925DB
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00D925DF
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D925E9
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00D92601
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00D92605
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D9260F
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00D92623
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00D92627
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00D91449,?,?,00000000), ref: 00D9180C
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00D91449,?,?,00000000), ref: 00D91813
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D91449,?,?,00000000), ref: 00D91828
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00D91449,?,?,00000000), ref: 00D91830
                                                                                                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00D91449,?,?,00000000), ref: 00D91833
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D91449,?,?,00000000), ref: 00D91843
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00D91449,00000000,?,00D91449,?,?,00000000), ref: 00D9184B
                                                                                                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00D91449,?,?,00000000), ref: 00D9184E
                                                                                                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00D91874,00000000,00000000,00000000), ref: 00D91868
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00D9D501
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00D9D50F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9D4DC: CloseHandle.KERNEL32(00000000), ref: 00D9D5DC
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DBA16D
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00DBA180
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DBA1B3
                                                                                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00DBA268
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00DBA273
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBA2C4
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00DC3925
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00DC393A
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00DC3954
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC3999
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00DC39C6
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00DC39F4
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D9BCFD
                                                                                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(00000000), ref: 00D9BD1D
                                                                                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00D9BD53
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(01036438), ref: 00D9BDA4
                                                                                                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(01036438,?,00000001,00000030), ref: 00D9BDCC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00D9C913
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D8682C,00000004,00000000,00000000), ref: 00D4F953
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00D8682C,00000004,00000000,00000000), ref: 00D8F3D1
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D8682C,00000004,00000000,00000000), ref: 00D8F454
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0312176c5a2afc210808b021c9f177f91c020756860f25168c2b746e5fa530ed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6f2130531f05e2c223d013fd310506a936fefb442a1780e465b1d1a388dc58da
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0312176c5a2afc210808b021c9f177f91c020756860f25168c2b746e5fa530ed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2541E731618781BBD7399F2D8988B2E7B92AB56314F1C543DE1CB96670C632E880CF31
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00DC2D1B
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00DC2D23
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DC2D2E
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00DC2D3A
                                                                                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00DC2D76
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00DC2D87
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00DC5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00DC2DC2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00DC2DE1
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ce63ad3825d661947608d6d6f419a9b122d0504287779092881dad52c5a7edf1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6440effd51df68d4dbb20c3cd2c1301d47c779c50bcf08062220171edd7e5a2e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce63ad3825d661947608d6d6f419a9b122d0504287779092881dad52c5a7edf1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48318B72251616BFEB118F508C8AFFB3BA9EB19711F084055FE09DA2A1C6759C41CBB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e7f17736b3febf10bb52680d48643cc905374d7f0775f54b8020b067ac7b1a8d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: db4bf26777f033ff7fbd60bd084da2ad834ce43115582a740f106424eb10e88b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e7f17736b3febf10bb52680d48643cc905374d7f0775f54b8020b067ac7b1a8d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66219565741A0A7BAF165A20AED2FFA235DEF21385F480034FD059B585F720EE1887B5
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d7283e1ced1aebca841a3c513de2a2a38f941603d8066c1bf92aa414ae297579
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 21d5551f999e9a91bc606bb436af42a39af3da9cfa338886618ca6fb0a5ed09a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7283e1ced1aebca841a3c513de2a2a38f941603d8066c1bf92aa414ae297579
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4D19D71A0060ADFDF10DF98E880BEEB7B5BF48344F188069E916AB285D771D945CBA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(?,?), ref: 00D715CE
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D71651
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D716E4
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D716FB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D63820: RtlAllocateHeap.NTDLL(00000000,?,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6,?,00D31129), ref: 00D63852
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D71777
                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D717A2
                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D717AE
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0bb8b2d31210733653e93ffa84a5d6b271b377200f7e5438516ccb1ae85c38fc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b16694fff2e9fff0961688cc671aa91ba83f7d2a025b31549d61e7b5736bbc8e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0bb8b2d31210733653e93ffa84a5d6b271b377200f7e5438516ccb1ae85c38fc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E91A379E002169ADB288E6CC881AEE7BB5EF49710F1C8759E909E7141F725DD44CBB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 23599700e4d481a9dc051197ce3f642f0363ada40b6db78555765a9d8baf5fc8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 46b8c1149e7af74057d8b12fd4165ccf274ea315f96366cf20100eb296b273d5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23599700e4d481a9dc051197ce3f642f0363ada40b6db78555765a9d8baf5fc8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD916E71A00219EBDF24CFA5C844FEEBBB8EF46714F148559F506AB282DB709945CBB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00DA125C
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00DA1284
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00DA12A8
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DA12D8
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DA135F
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DA13C4
                                                                                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00DA1430
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9eb8355a282550b778f0ec8a12367960c0c16a2157457136941586f42fe7fc1b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8d3f8f876095fc3d509c7cf768c588a4ca23b8459f98dd79fa18a3703a921524
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9eb8355a282550b778f0ec8a12367960c0c16a2157457136941586f42fe7fc1b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1791147AA00209AFDB00DF98C885BBEB7B5FF46321F144429E941EB291D774E945CBB4
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
• VariantInit.OLEAUT32(?), ref: 00DB396B
• CharUpperBuffW.USER32(?,?), ref: 00DB3A7A
• _wcslen.LIBCMT ref: 00DB3A8A
• VariantClear.OLEAUT32(?), ref: 00DB3C1F
  • Part of subcall function 00DA0CDF: VariantInit.OLEAUT32(00000000), ref: 00DA0D1F
  • Part of subcall function 00DA0CDF: VariantCopy.OLEAUT32(?,?), ref: 00DA0D28
  • Part of subcall function 00DA0CDF: VariantClear.OLEAUT32(?), ref: 00DA0D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
APIs
  • Part of subcall function 00D9000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?,?,00D9035E), ref: 00D9002B
  • Part of subcall function 00D9000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?), ref: 00D90046
  • Part of subcall function 00D9000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?), ref: 00D90054
  • Part of subcall function 00D9000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?), ref: 00D90064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00DB4C51
• _wcslen.LIBCMT ref: 00DB4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00DB4DCF
• CoTaskMemFree.OLE32(?), ref: 00DB4DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
APIs
• GetMenu.USER32(?), ref: 00DC2183
• GetMenuItemCount.USER32(00000000), ref: 00DC21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00DC21DD
• _wcslen.LIBCMT ref: 00DC2213
• GetMenuItemID.USER32(?,?), ref: 00DC224D
• GetSubMenu.USER32(?,?), ref: 00DC225B
  • Part of subcall function 00D93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D93A57
  • Part of subcall function 00D93A3D: GetCurrentThreadId.KERNEL32 ref: 00D93A5E
  • Part of subcall function 00D93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D925B3), ref: 00D93A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00DC22E3
  • Part of subcall function 00D9E97B: Sleep.KERNEL32 ref: 00D9E9F3
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4196846111-0
APIs
• IsWindow.USER32(010363C0), ref: 00DC7F37
• IsWindowEnabled.USER32(010363C0), ref: 00DC7F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00DC801E
• SendMessageW.USER32(010363C0,000000B0,?,?), ref: 00DC8051
• IsDlgButtonChecked.USER32(?,?), ref: 00DC8089
• GetWindowLongW.USER32(010363C0,000000EC), ref: 00DC80AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00DC80C3
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
APIs
• GetParent.USER32(?), ref: 00D9AEF9
• GetKeyboardState.USER32(?), ref: 00D9AF0E
• SetKeyboardState.USER32(?), ref: 00D9AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00D9AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00D9AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00D9AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00D9B020
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(00000000), ref: 00D9AD19
• GetKeyboardState.USER32(?), ref: 00D9AD2E
• SetKeyboardState.USER32(?), ref: 00D9AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00D9ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00D9ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00D9AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00D9AE38
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9d03f0dccf803afd1cf83c017c037f96a9206fa71ec51f3d2f62355d0dbb60b2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 55204440975d91296a0238974228057ff08ddeca6817bb9ef46d3ace7b742a07
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d03f0dccf803afd1cf83c017c037f96a9206fa71ec51f3d2f62355d0dbb60b2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0351C6A26447E53DFF3683388C55B7A7E999B46300F0C8589F1D5468C2D694EC84D7B2
APIs
• GetConsoleCP.KERNEL32(00D73CD6,?,?,?,?,?,?,?,?,00D65BA3,?,?,00D73CD6,?,?), ref: 00D65470
• __fassign.LIBCMT ref: 00D654EB
• __fassign.LIBCMT ref: 00D65506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00D73CD6,00000005,00000000,00000000), ref: 00D6552C
• WriteFile.KERNEL32(?,00D73CD6,00000000,00D65BA3,00000000,?,?,?,?,?,?,?,?,?,00D65BA3,?), ref: 00D6554B
• WriteFile.KERNEL32(?,?,00000001,00D65BA3,00000000,?,?,?,?,?,?,?,?,?,00D65BA3,?), ref: 00D65584
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: c166e3aab6f7ad0bf8692793011f9ce4acb3fde5ef79b763272b8ebec3d76c93
• Instruction ID: f4e3c72398a8fbd7c4b6ba184ce9adc92de1ab3229f97e1f0aec627d1cba315e
• Opcode Fuzzy Hash: c166e3aab6f7ad0bf8692793011f9ce4acb3fde5ef79b763272b8ebec3d76c93
• Instruction Fuzzy Hash: 4F518371A0074A9FDB10CFA8E845AEEBBF9EF09300F14455AE556E7295D7309A81CB70
APIs
• _ValidateLocalCookies.LIBCMT ref: 00D52D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00D52D53
• _ValidateLocalCookies.LIBCMT ref: 00D52DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00D52E0C
• _ValidateLocalCookies.LIBCMT ref: 00D52E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: ad2d4531a579b4944b80347806cf16773ff6c4774597a006ba7d0063ff0d272c
• Instruction ID: 16fa38e0210716b1ee399a97f4f118e8a965228061c5282818863207b855daba
• Opcode Fuzzy Hash: ad2d4531a579b4944b80347806cf16773ff6c4774597a006ba7d0063ff0d272c
• Instruction Fuzzy Hash: 78418734A00209ABCF14DF58C845AAE7BB5FF46365F188156ED145B352D7319A1DCBF0
APIs
  • Part of subcall function 00DB304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DB307A
  • Part of subcall function 00DB304E: _wcslen.LIBCMT ref: 00DB309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00DB1112
• WSAGetLastError.WSOCK32 ref: 00DB1121
• WSAGetLastError.WSOCK32 ref: 00DB11C9
• closesocket.WSOCK32(00000000), ref: 00DB11F9
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2675159561-0
APIs
  • Part of subcall function 00D9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D9CF22,?), ref: 00D9DDFD
  • Part of subcall function 00D9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D9CF22,?), ref: 00D9DE16
• lstrcmpiW.KERNEL32(?,?), ref: 00D9CF45
• MoveFileW.KERNEL32(?,?), ref: 00D9CF7F
• _wcslen.LIBCMT ref: 00D9D005
• _wcslen.LIBCMT ref: 00D9D01B
• SHFileOperationW.SHELL32(?), ref: 00D9D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00DC2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00DC2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00DC2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00DC2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00DC2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00DC2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DC2F0B
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D97769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D9778F
• SysAllocString.OLEAUT32(00000000), ref: 00D97792
• SysAllocString.OLEAUT32(?), ref: 00D977B0
• SysFreeString.OLEAUT32(?), ref: 00D977B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 00D977DE
• SysAllocString.OLEAUT32(?), ref: 00D977EC
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 734a4688e3a341f7463d4867722fe8a49e96e64b889cbbfb7bfe35a3cba56141
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 96d33d2352c770059c9f033574063065381499fb73aaaef3391da9e0ca395149
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 734a4688e3a341f7463d4867722fe8a49e96e64b889cbbfb7bfe35a3cba56141
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E521927661821AAFDF10DFE9CC88CBB77ACEB097647048025FA15DB260D670EC4187B0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D97842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D97868
• SysAllocString.OLEAUT32(00000000), ref: 00D9786B
• SysAllocString.OLEAUT32 ref: 00D9788C
• SysFreeString.OLEAUT32 ref: 00D97895
• StringFromGUID2.OLE32(?,?,00000028), ref: 00D978AF
• SysAllocString.OLEAUT32(?), ref: 00D978BD
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: bc44c2bbb9e8f66560a40604a853029859a4600348f5b638b505364a960aa285
• Instruction ID: 2ee49faed0c6815ac14a9e2db22c5f533dab60134b7b87c1b989a950b8b2acbe
• Opcode Fuzzy Hash: bc44c2bbb9e8f66560a40604a853029859a4600348f5b638b505364a960aa285
• Instruction Fuzzy Hash: 44217131618205AFDF10AFE8DC88DAA77ECFB097607148125FA15CB2A1D670EC41CB74
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00DA04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00DA052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 2a00fe98bc53af3bbae4690521a2cd02ec6d83b5ea9a341330ce7b013f8e6c73
• Instruction ID: 45d9e4cbb346b45638ecb4652d40c0ed12470cd2f37ca3716939465b3acebc2b
• Opcode Fuzzy Hash: 2a00fe98bc53af3bbae4690521a2cd02ec6d83b5ea9a341330ce7b013f8e6c73
• Instruction Fuzzy Hash: 4C218B71900306AFDF209F69DC44A9ABFB4AF46764F244A19F9A1D62E0E770D950CF30
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00DA05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00DA0601
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 479ef5d27a8d05c94aad6fc970d6abad5719b0db11171806f35c39d446625143
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f6a63381afa245a326b4c27c2218faf67c258d07fc1eefa09491d8184bb0ff39
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 479ef5d27a8d05c94aad6fc970d6abad5719b0db11171806f35c39d446625143
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 112165755003069FDB209F69DC04E5A7BE4BF96724F280A19F9A1E72D0E770D960CB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D3604C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: GetStockObject.GDI32(00000011), ref: 00D36060
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D3606A
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00DC4112
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00DC411F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00DC412A
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00DC4139
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00DC4145
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0a115bcd92523c2a988ba6939be27ddc0fd1f20328331c33cb97a56cb8bf52c1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cdf1c123935825d5f64b37f81b30e638099c1a49a4da461275545a7939aaadca
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a115bcd92523c2a988ba6939be27ddc0fd1f20328331c33cb97a56cb8bf52c1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B1190B215021ABEEF118F64CC86EE77F9DEF08798F018111FB58A6150C672DC619BB4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D6D7A3: _free.LIBCMT ref: 00D6D7CC
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D82D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D838
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D843
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D897
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D8A2
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D8AD
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D8B8
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c50fb5f14624c33c03f07dae5e05c4573e4387a91d28e75e31199b8ce8a3ce9b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71115E71B80B04ABD621BFB0DC47FDB7BDDEF40700F440826B29AA6092DB75B5058A71
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00D9DA74
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00D9DA7B
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00D9DA91
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 00D9DA98
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D9DADC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00D9DAB9
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: de4b73fd31a9adfbcb1eb767904d7050dac577a714f7ceb3367e88057da2d6a1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7e912bbefb13599e0a23cec177888a8f36ac8f25438ae580f2e7933b1f88a4c0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de4b73fd31a9adfbcb1eb767904d7050dac577a714f7ceb3367e88057da2d6a1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F50186F25103097FEB10ABA49D89EF7736CE708301F405495F74AE2141EA749E844F74
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0102FAB0,0102FAB0), ref: 00DA097B
                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(0102FA90,00000000), ref: 00DA098D
                                                                                                                                                                                                                                                                                                                                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 00DA099B
                                                                                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00DA09A9
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DA09B8
                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(0102FAB0,000001F6), ref: 00DA09C8
                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(0102FA90), ref: 00DA09CF
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f0a62f47246aeb2fcbb23e26117d0c090004dc60db8ab23c14987cef9f6cfbd3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b4936c42a015f723ee1743ecf439163ee76972db9972ffa278318d1f892616fa
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f0a62f47246aeb2fcbb23e26117d0c090004dc60db8ab23c14987cef9f6cfbd3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CF01932552A03ABD7415BA4EE88ED6BA29FF01702F482025F206909A0C7749465CFA4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00D35D30
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D35D71
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00D35D99
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00D35ED7
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D35EF8
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b9c34df37d7af23b918a53f712eac93d55bcb9742feb13c696f0dfcffa2e9251
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: daad4ad9379c678f718c5feb1351ce8769d3ea7a0ac0ab4fb16598edae66ef00
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9c34df37d7af23b918a53f712eac93d55bcb9742feb13c696f0dfcffa2e9251
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1EB16A35A0074ADBDB10CFA8D4407EAB7F1FF48310F18941AE8A9D7254EB34EA51DB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00D600BA
                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D600D6
                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00D600ED
                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6010B
                                                                                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00D60122
                                                                                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D60140
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: da66c4f19807201aceba773c6e0006f45dee016493192dfa525c99c42572610e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF81E772A007069BEB249F68CC41B6B77E9EF41324F28463AF951DB681E774D9448BB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DB3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00DB101C,00000000,?,?,00000000), ref: 00DB3195
                                                                                                                                                                                                                                                                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00DB1DC0
                                                                                                                                                                                                                                                                                                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00DB1DE1
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00DB1DF2
                                                                                                                                                                                                                                                                                                                                                                        • inet_ntoa.WSOCK32(?), ref: 00DB1E8C
                                                                                                                                                                                                                                                                                                                                                                        • htons.WSOCK32(?,?,?,?,?), ref: 00DB1EDB
                                                                                                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 00DB1F35
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D939E8: _strlen.LIBCMT ref: 00D939F2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D36D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00D4CF58,?,?,?), ref: 00D36DBA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D36D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00D4CF58,?,?,?), ref: 00D36DED
Similarity
• API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
• String ID:
• API String ID: 1923757996-0
• Opcode ID: d76cf6f0aed6197148faa872339470962ac3df48f213ca02feff44478c2c9fa1
• Instruction ID: c4f09135d35a608c2bfdfeb86a2cb783ca7588cf4f8ca221fafd852a5b1438ff
• Opcode Fuzzy Hash: d76cf6f0aed6197148faa872339470962ac3df48f213ca02feff44478c2c9fa1
• Instruction Fuzzy Hash: 36A1C135504301AFC314DF24C8A5F6ABBA5EF88318F98894CF5565B2A2CB71ED45CBB1
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D582D9,00D582D9,?,?,?,00D6644F,00000001,00000001,8BE85006), ref: 00D66258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D6644F,00000001,00000001,8BE85006,?,?,?), ref: 00D662DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D663D8
• __freea.LIBCMT ref: 00D663E5
  • Part of subcall function 00D63820: RtlAllocateHeap.NTDLL(00000000,?,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6,?,00D31129), ref: 00D63852
• __freea.LIBCMT ref: 00D663EE
• __freea.LIBCMT ref: 00D66413
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 8e65e83da60e4839af847c3f533adcf5ec4b18ab6ced1b23158081a72f20e2ac
• Instruction ID: c02e00e1233498af0d32b4a3cf058d6fe61d870443300026737e1522d507ed8f
• Opcode Fuzzy Hash: 8e65e83da60e4839af847c3f533adcf5ec4b18ab6ced1b23158081a72f20e2ac
• Instruction Fuzzy Hash: BD51BF72A00216ABEB258F64DC81EBF7BA9EF44750F1D462AFD05DA240EB34DC50C6B0
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00DBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DBB6AE,?,?), ref: 00DBC9B5
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBC9F1
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA68
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DBBCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DBBD25
• RegCloseKey.ADVAPI32(00000000), ref: 00DBBD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00DBBD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00DBBDF3
• RegCloseKey.ADVAPI32(?), ref: 00DBBDFF
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e96430620621985e9aa7e79af8acf95e4e9953924e986e16966f157c50d4c3a4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1a266ff0e126506a752aeea73038098c446ba4e999fe53843498c7dfe33bc26f
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e96430620621985e9aa7e79af8acf95e4e9953924e986e16966f157c50d4c3a4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75818D30208241EFC714DF24C891E6ABBE5FF84318F54855DF59A8B2A2CB71ED45CBA2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000035), ref: 00D8F7B9
                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000001), ref: 00D8F860
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(00D8FA64,00000000), ref: 00D8F889
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(00D8FA64), ref: 00D8F8AD
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(00D8FA64,00000000), ref: 00D8F8B1
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00D8F8BB
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b6e5328ec30f33ffbde6f4b2d8d3534223e0e14fd5101537e2afa0fd9a01789a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cfe685274745287c400b80c81ee56260499e3f962ec20af7992e045a5e224684
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6e5328ec30f33ffbde6f4b2d8d3534223e0e14fd5101537e2afa0fd9a01789a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9851B076A10311BBCF24BB65D895B2DB3A8EF45310F249467E906DF292DB709C40CBB6
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D37620: _wcslen.LIBCMT ref: 00D37625
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
                                                                                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00DA94E5
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DA9506
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DA952D
                                                                                                                                                                                                                                                                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00DA9585
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bad97dee38c9cc1f7e69b15912a365dd7abadb8a8b8f17dab80b586fb593dedb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 26a356847f67644a4955e1592b4dbd153f531e1d3d1646b8eb7d1b6a934f1232
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bad97dee38c9cc1f7e69b15912a365dd7abadb8a8b8f17dab80b586fb593dedb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8EE180715083409FDB24DF24C491A6AB7E4FF85314F18896DF8899B2A2DB71ED05CBB2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
                                                                                                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?,?), ref: 00D49241
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D492A5
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00D492C2
                                                                                                                                                                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00D492D3
                                                                                                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00D49321
                                                                                                                                                                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00D871EA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49339: BeginPath.GDI32(00000000), ref: 00D49357
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5a5bc58378a746600405a4a491443344b622da229aa1bb66815890bc3ee3ee8f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 358ba36eee39fbcd687b53f22e542863b9b2bc06e784f36ff6cb838fb418169b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a5bc58378a746600405a4a491443344b622da229aa1bb66815890bc3ee3ee8f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78418030104301AFD711DF26DC99FABBBA8EB86320F140269FA949B2A1C7719845DB71
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00DA080C
                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00DA0847
                                                                                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00DA0863
                                                                                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00DA08DC
                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00DA08F3
                                                                                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00DA0921
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ba664f7e9d398df7e8a903db7c29fa17087a509bb7069ec630214a5439d9b3f0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 683aba9926ff1ab872cd8a3d5134ef7a9df1bbb07498aa1989a5970558885571
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba664f7e9d398df7e8a903db7c29fa17087a509bb7069ec630214a5439d9b3f0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C415B71900206AFDF14AF64DC85A6ABBB8FF05300F1480A5ED04DA296D730DE55DBB4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00D8F3AB,00000000,?,?,00000000,?,00D8682C,00000004,00000000,00000000), ref: 00DC824C
                                                                                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00DC8272
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00DC82D1
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 00DC82E5
                                                                                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 00DC830B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00DC832F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2f438cbd79ae16e5b40b6058f845273390950000f4416acaaadb7f26824dbbd1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e9e79a9188652a47c8a70bdd764c613d89e34b555901f7069a12c572cb16c2aa
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f438cbd79ae16e5b40b6058f845273390950000f4416acaaadb7f26824dbbd1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F41A330601646AFDB11CF15C899FA4BBE0FB4A715F1C52ADE5089F2B2CB32A845DF64
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00D94C95
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00D94CB2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00D94CEA
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D94D08
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00D94D10
                                                                                                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 00D94D1A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5329e42b024c3ba1400be88470c39698547bfaede7b569ad0f1419257358e0db
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1004ca358c663a8089d9c007b0b83e43fd177ee35519e15eec08507451b64114
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5329e42b024c3ba1400be88470c39698547bfaede7b569ad0f1419257358e0db
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73210836604201BFEF255B39ED49E7B7B9CDF45750F148039F909CA2A2EA61DC4297B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D33A97,?,?,00D32E7F,?,?,?,00000000), ref: 00D33AC2
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DA587B
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00DA5995
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00DCFCF8,00000000,00000001,00DCFB68,?), ref: 00DA59AE
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00DA59CC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 16d599f9988e0cd2fca273b9e1a064bb477f22904bf4f625e28c7eb37cf33125
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 00ae436e6441e3c75e4823c4f4c5bbab4f4036889dd2ba937c433d199bdea219
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16d599f9988e0cd2fca273b9e1a064bb477f22904bf4f625e28c7eb37cf33125
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1D142756087019FC714DF25D480A2ABBE1FF8A720F14885DF88A9B361DB31ED45CBA2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D90FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D90FCA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D90FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D90FD6
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D90FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D90FE5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D90FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D90FEC
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D90FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D91002
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000000,00D91335), ref: 00D917AE
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00D917BA
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00D917C1
                                                                                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 00D917DA
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,00D91335), ref: 00D917EE
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D917F5
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e10e810215ab59ac5e4660922e0cf682ea5ed2f11e7cf2421fbf63cfa28f9347
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cf3f7051f721f207a238959ca9fda266fa07291b1abbb5eeb164ee736eec9e50
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e10e810215ab59ac5e4660922e0cf682ea5ed2f11e7cf2421fbf63cfa28f9347
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E118636A10307EFDF109FA5CC49FAE7BA9EB41355F184018E586E7220C736A944CB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00D914FF
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00D91506
                                                                                                                                                                                                                                                                                                                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00D91515
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000004), ref: 00D91520
                                                                                                                                                                                                                                                                                                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D9154F
                                                                                                                                                                                                                                                                                                                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00D91563
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 86b6bbcaa4ae8c270cac1e7419b601a95c6afac9ab99d1f55572e0143799f640
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9e27deeab4f0b3c3b60bcad36feb47af9812ef63b0c02052a3de5bdce4faf4b7
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86b6bbcaa4ae8c270cac1e7419b601a95c6afac9ab99d1f55572e0143799f640
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8811177650024AABDF118F98ED49FDE7BA9FB48744F094015FA09A2160C375CE61AB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00D53379,00D52FE5), ref: 00D53390
                                                                                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D5339E
                                                                                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D533B7
                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00D53379,00D52FE5), ref: 00D53409
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f1c9cfecf80f92e7dbe14654d81f8bea3e2a36fec1a951ff5ac789bac5d977c5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9b35de3af4572315bf370a38cc21c54cb6f156830bbb67f8b42edd045e0ce741
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1c9cfecf80f92e7dbe14654d81f8bea3e2a36fec1a951ff5ac789bac5d977c5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D016832218312BFEE152774BC81A762A44DB113FB320422DFC10C52F0EF114D1E9578
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00D65686,00D73CD6,?,00000000,?,00D65B6A,?,?,?,?,?,00D5E6D1,?,00DF8A48), ref: 00D62D78
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62DAB
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62DD3
                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00D5E6D1,?,00DF8A48,00000010,00D34F4A,?,?,00000000,00D73CD6), ref: 00D62DE0
                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,?,?,00D5E6D1,?,00DF8A48,00000010,00D34F4A,?,?,00000000,00D73CD6), ref: 00D62DEC
                                                                                                                                                                                                                                                                                                                                                                        • _abort.LIBCMT ref: 00D62DF2
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 850eafdcd19fdcc31580090c9aa26b8eecc82932b12d0397ed1a80dfc375f7be
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cf295b356fc179b68eae60e4b7cfb4defed7231c77952ea82155f629a5b34331
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 850eafdcd19fdcc31580090c9aa26b8eecc82932b12d0397ed1a80dfc375f7be
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFF0C831A44F0227C2122738BC16F7E2659EFC27B1F294419F968D22D6EF2488114AB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D49693
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: SelectObject.GDI32(?,00000000), ref: 00D496A2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: BeginPath.GDI32(?), ref: 00D496B9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: SelectObject.GDI32(?,00000000), ref: 00D496E2
                                                                                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00DC8A4E
                                                                                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00DC8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00DC8A70
• LineTo.GDI32(?,00000000,00000003), ref: 00DC8A80
• EndPath.GDI32(?), ref: 00DC8A90
• StrokePath.GDI32(?), ref: 00DC8AA0
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 50f6051d5973aba0ba706d04b7578e0fd5a8bc2976ba6ce44f0a150fd00927b9
• Instruction ID: 325c91af8ca3f18e6e0b0ccb0e70170cf04dab6cff67e5649c65d93733200136
• Opcode Fuzzy Hash: 50f6051d5973aba0ba706d04b7578e0fd5a8bc2976ba6ce44f0a150fd00927b9
• Instruction Fuzzy Hash: 57110C7640020AFFDF119F91DC48E9A7F6CEB04390F048055FA599A1A1C7719D55EF70
APIs
• GetDC.USER32(00000000), ref: 00D95218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00D95229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D95230
• ReleaseDC.USER32(00000000,00000000), ref: 00D95238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00D9524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00D95261
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: ecb7295af41e9bf53dcfa1c289c612dfd0b65814833812b8b8f581ead7722742
• Instruction ID: ad25514a3011e54b9e14840dd7175297862a47b83f1df849e5d6b027da85373c
• Opcode Fuzzy Hash: ecb7295af41e9bf53dcfa1c289c612dfd0b65814833812b8b8f581ead7722742
• Instruction Fuzzy Hash: 44014475A41716BBEF105BA59D49E5EBF78EF44751F084065FB08E7391D6709800CB70
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D31BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00D31BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D31C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D31C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00D31C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00D31C22
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 20a0328a67821ee45d1474412dc62f00ce7221ed1a6a2f7b9b4ed43601391d88
• Instruction ID: 9a153ab505fcbb8a024032c1794f509fc830d566dc602ccd0aabf0d92f3792be
• Opcode Fuzzy Hash: 20a0328a67821ee45d1474412dc62f00ce7221ed1a6a2f7b9b4ed43601391d88
• Instruction Fuzzy Hash: 0C016CB094275A7DE3008F5A8C85B52FFA8FF19354F00411BD15C47A41C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00D9EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00D9EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 00D9EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D9EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D9EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D9EB75
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 00D87452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00D87469
• GetWindowDC.USER32(?), ref: 00D87475
• GetPixel.GDI32(00000000,?,?), ref: 00D87484
• ReleaseDC.USER32(?,00000000), ref: 00D87496
• GetSysColor.USER32(00000005), ref: 00D874B0
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D9187F
• UnloadUserProfile.USERENV(?,?), ref: 00D9188B
• CloseHandle.KERNEL32(?), ref: 00D91894
• CloseHandle.KERNEL32(?), ref: 00D9189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00D918A5
• HeapFree.KERNEL32(00000000), ref: 00D918AC
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• __Init_thread_footer.LIBCMT ref: 00D3BEB3
Strings
Similarity
• API ID: Init_thread_footer
• String ID: D%$D%$D%$D%
• API String ID: 1385522511-2722557190
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D37620: _wcslen.LIBCMT ref: 00D37625
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D9C6EE
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D9C735
                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D9C79C
                                                                                                                                                                                                                                                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00D9C7CA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00DBAEA3
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D37620: _wcslen.LIBCMT ref: 00D37625
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessId.KERNEL32(00000000), ref: 00DBAF38
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBAF67
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00D97206
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00D9723C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00D9724D
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00D972CF
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 753597075-1075368562
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DC3E35
• IsMenu.USER32(?), ref: 00DC3E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DC3E92
• DrawMenuBar.USER32 ref: 00DC3EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00D91E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00D91E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00D91EA9
  • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen
• String ID: HKEY_LOCAL_MACHINE$HKLM
• API String ID: 176396367-4004644295
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00DC2F8D
• LoadLibraryW.KERNEL32(?), ref: 00DC2F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00DC2FA9
• DestroyWindow.USER32(?), ref: 00DC2FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a701d8a0a521eed7eb25de8a272aab2a2ef95355de76312a4ef1d3dc3da63846
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f71034f3523a914d7a2d07ad872a91722d5a659c5790dd42ba9c4e26bdfc1633
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a701d8a0a521eed7eb25de8a272aab2a2ef95355de76312a4ef1d3dc3da63846
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C321887120020AABEB218F669C80FBB77B9EF59364F14521CFA50D71A0D671DC919770
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D54D1E,00D628E9,?,00D54CBE,00D628E9,00DF88B8,0000000C,00D54E15,00D628E9,00000002), ref: 00D54D8D
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D54DA0
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00D54D1E,00D628E9,?,00D54CBE,00D628E9,00DF88B8,0000000C,00D54E15,00D628E9,00000002,00000000), ref: 00D54DC3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e5e4aa2e0ea1d8214ccc8f0258028d96c56449a13463e72867f0b5f3890adbfb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7e018f671950b18f8d224eca1d20794000735a7eeaaf4f1acfb1ee9b1b9ff1a2
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5e4aa2e0ea1d8214ccc8f0258028d96c56449a13463e72867f0b5f3890adbfb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FF03C34A5030ABBDB119F91DC49BAEBFB5EF44756F0800A5ED09E6260CB305989CAB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D34EDD,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E9C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D34EAE
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00D34EDD,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34EC0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 31f6af6fa7f1ef6bd371f61c22faf23f7c7a46de452cbe598665d9689eacbaf5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cfbf61df13cbe66f07fce1fab9703dd6b284a4dba20df11898830026a04e73f9
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31f6af6fa7f1ef6bd371f61c22faf23f7c7a46de452cbe598665d9689eacbaf5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92E08635A117235F92211B266C18F6B6554AF81B62B0D0115FE08E2310DB64DD0641B1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D73CDE,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E62
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D34E74
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00D73CDE,?,00E01418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D34E87
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1256ced1daa77962d3fa1b295fbcd331b9e6317283e30ff1c0ef910b50e1501a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b88a0a1a0523b7986eccdd6218675e21cdf8223cc258c94b3d283b3f078b9db8
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1256ced1daa77962d3fa1b295fbcd331b9e6317283e30ff1c0ef910b50e1501a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51D0C2329127235B46221B26AC08E8B2A18AF81F1130E0114FA08F2210CF24CD0281F0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DA2C05
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00DA2C87
                                                                                                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00DA2C9D
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DA2CAE
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00DA2CC0
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4dcb7e22155bd813c765f7202eed343dd50af948e98c736cbf1b63ca3b9d7745
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 473cbb4e95a1fb17f517b83ec105d92b6c3ecb229fe5561b127d8e12be4f46f4
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4dcb7e22155bd813c765f7202eed343dd50af948e98c736cbf1b63ca3b9d7745
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1DB17D72D00119ABDF25DBA9CC85EEEB7BDEF09350F1040A6FA09E6145EB309A448F71
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00DBA427
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00DBA435
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00DBA468
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00DBA63D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2eb9ad656f340fe04f49d8b7bebfcab1d5a64336e3a4b8565cc4d06fdbbf6e7c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: eed26ac6139d4f4071b4f8b2451a76c7989bdbb1da8fb1231823dc910e06c097
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2eb9ad656f340fe04f49d8b7bebfcab1d5a64336e3a4b8565cc4d06fdbbf6e7c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42A193716047019FD720DF18C886F6AB7E5EF84714F14885DF69A9B392D770EC418BA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D9CF22,?), ref: 00D9DDFD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D9CF22,?), ref: 00D9DE16
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9E199: GetFileAttributesW.KERNEL32(?,00D9CF95), ref: 00D9E19A
                                                                                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00D9E473
                                                                                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00D9E4AC
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D9E5EB
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D9E603
                                                                                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00D9E650
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3183298772-0
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00DBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DBB6AE,?,?), ref: 00DBC9B5
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBC9F1
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA68
  • Part of subcall function 00DBC998: _wcslen.LIBCMT ref: 00DBCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DBBAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DBBB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00DBBB63
• RegCloseKey.ADVAPI32(?,?), ref: 00DBBBA6
• RegCloseKey.ADVAPI32(00000000), ref: 00DBBBB3
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
APIs
• VariantInit.OLEAUT32(?), ref: 00D98BCD
• VariantClear.OLEAUT32 ref: 00D98C3E
• VariantClear.OLEAUT32 ref: 00D98C9D
• VariantClear.OLEAUT32(?), ref: 00D98D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00D98D3B
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00DA8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00DA8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00DA8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00DA8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00DA8C5F
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00DB8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00DB8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00DB8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00DB9032
• FreeLibrary.KERNEL32(00000000), ref: 00DB9052
  • Part of subcall function 00D4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00DA1043,?,753CE610), ref: 00D4F6E6
  • Part of subcall function 00D4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00D8FA64,00000000,00000000,?,?,00DA1043,?,753CE610,?,00D8FA64), ref: 00D4F70D
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00DC6C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00DC6C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00DC6C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00DAAB79,00000000,00000000), ref: 00DC6C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00DC6CC7
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00D49141
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(00000000,?), ref: 00D4915E
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00D49183
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 00D4919D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 00DA38CB
                                                                                                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00DA3922
                                                                                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00DA394B
                                                                                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00DA3955
                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DA3966
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00DAC21E,00000000), ref: 00DACF38
                                                                                                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00DACF6F
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00DAC21E,00000000), ref: 00DACFB4
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00DAC21E,00000000), ref: 00DACFC8
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,00DAC21E,00000000), ref: 00DACFF2
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D91915
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 00D919C1
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?), ref: 00D919C9
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 00D919DA
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00D919E2
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00DC5745
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00DC579D
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC57AF
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DC57BA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00DC5816
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00DB0951
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00DB0968
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00DB09A4
                                                                                                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00DB09B0
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00DB09E8
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00D6CDC6
                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D6CDE9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D63820: RtlAllocateHeap.NTDLL(00000000,?,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6,?,00D31129), ref: 00D63852
                                                                                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D6CE0F
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6CE22
                                                                                                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D6CE31
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D49693
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00D496A2
                                                                                                                                                                                                                                                                                                                                                                        • BeginPath.GDI32(?), ref: 00D496B9
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00D496E2
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8fa70b406fb581696cfe069c218070dee82d25b7a03dea569d2e8f8c80e18123
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 68995d19a2337261ed9c2a70a1b44cf86f4d6d1a97a1e733af059214a9a67f52
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fa70b406fb581696cfe069c218070dee82d25b7a03dea569d2e8f8c80e18123
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02219530812306EFDB119F67EC28BAA7B64BB90365F550255F454BA1B0D37198DACFB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9c8ef76d984fb0ec2c1346f46a21d468e7d0f7a434900a5d5e94552049e615a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 567a8fed55e40835bbdff6af086cefe1a0cce5477d29a0dc1765480e23d6b63c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c8ef76d984fb0ec2c1346f46a21d468e7d0f7a434900a5d5e94552049e615a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD01D26524160ABEAF095A50BE92FFA635EDB21395B144034FD049B245F730EE1883B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00D5F2DE,00D63863,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6), ref: 00D62DFD
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62E32
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62E59
                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00D31129), ref: 00D62E66
                                                                                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00D31129), ref: 00D62E6F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d7064290a1f8a082101c6f1436dd585cfe7312dc87caade210cc2c5873358940
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cfeea767788e550f8117a42e6a5440465225a0147b37f9c22ec13a80f08304e4
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7064290a1f8a082101c6f1436dd585cfe7312dc87caade210cc2c5873358940
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5301FF36685F026BC61227346C4AE3B266DEBD53B1B294039F965E22D3EB22CC118530
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?,?,00D9035E), ref: 00D9002B
                                                                                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?), ref: 00D90046
                                                                                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?), ref: 00D90054
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?), ref: 00D90064
                                                                                                                                                                                                                                                                                                                                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D8FF41,80070057,?,?), ref: 00D90070
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ec66db748232ad0634981e2a1ee66987dabbeb7e8cac83f2402298e698d1f214
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0431c6189e45ae5b89d326cb7bf2e43f383dffea3d7fee0ca774de9b34270dbd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec66db748232ad0634981e2a1ee66987dabbeb7e8cac83f2402298e698d1f214
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC017872610206AFDB118F68EC05FAA7EADEF48792F185124FA09D2210E771DD408BB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00D9E997
                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 00D9E9A5
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00D9E9AD
                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00D9E9B7
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00D9E9F3
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5f28a0e8d4d47d73a0c3e2fbada58dc67336f4310c37b7eb0c9d71ffff541db0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e13fbd8be9480574a7580650215aa01981a7b44f8a1c622d24dce5f507c3b124
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f28a0e8d4d47d73a0c3e2fbada58dc67336f4310c37b7eb0c9d71ffff541db0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0011731E0162AEBCF00EBE9DC59AEDFB78FB09701F050956E646B2241DB3099558BB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D91114
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91120
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D9112F
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D90B9B,?,?,?), ref: 00D91136
                                                                                                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D9114D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 56412a01054501777b424ac9cbfcba549139d31218250b3b6d1689c9527d9575
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: edaa61ac83f79de0a7f1748d3a28e673d75adf6f6e7dab021f054baf16c64f8e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56412a01054501777b424ac9cbfcba549139d31218250b3b6d1689c9527d9575
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9401F679210306BFDB114BA5DC49E6A3B6EEF892A0B244419FA49D6360DB31DC019A70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D90FCA
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D90FD6
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D90FE5
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D90FEC
                                                                                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D91002
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6df00d2b392b1981ab5f2b6b8badafe40c9e714154aaf317014a7d08e6c40602
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 218f957f45ed86106664da36adba0dc86e94945d21cb6e8adff6c865fbd8b411
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6df00d2b392b1981ab5f2b6b8badafe40c9e714154aaf317014a7d08e6c40602
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4CF04939210303ABDB214FA5AC4AF563BADFF89762F144414FA49C6351CA71DC40CA70
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D9102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D91036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D91045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D9104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D91062
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 97d505ec84626bb51923cddec3b00858a914fa54a6f56762660c567733909ec2
• Instruction ID: 39ffef2b287b3d3788a09305ca2b2b01d5d17885d6e18865fce549f6f4998a93
• Opcode Fuzzy Hash: 97d505ec84626bb51923cddec3b00858a914fa54a6f56762660c567733909ec2
• Instruction Fuzzy Hash: C8F06D39210303EBDB215FA5EC4AF563BADFF897A1F140414FA49C7350CA71D8408A70
APIs
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA0324
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA0331
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA033E
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA034B
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA0358
• CloseHandle.KERNEL32(?,?,?,?,00DA017D,?,00DA32FC,?,00000001,00D72592,?), ref: 00DA0365
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: ec3888ae5a733087e3969aa508f718b65a3aa36f8385ec5de800d780f1415ce0
• Instruction ID: b1c4f75ca0b3e1a1df5b4b6a7ca436b2b4bc561760a848666d74d94b264ecf2c
• Opcode Fuzzy Hash: ec3888ae5a733087e3969aa508f718b65a3aa36f8385ec5de800d780f1415ce0
• Instruction Fuzzy Hash: 4801AE72800B159FCB30AF66D880812FBF9BF613153198A3FD19652931C3B1A958DFA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D752
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D764
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D776
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D788
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6D79A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00D95C58
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00D95C6F
                                                                                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00D95C87
                                                                                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 00D95CA3
                                                                                                                                                                                                                                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00D95CBD
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D622BE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000), ref: 00D629DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D629C8: GetLastError.KERNEL32(00000000,?,00D6D7D1,00000000,00000000,00000000,00000000,?,00D6D7F8,00000000,00000007,00000000,?,00D6DBF5,00000000,00000000), ref: 00D629F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D622D0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D622E3
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D622F4
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D62305
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 00D495D4
                                                                                                                                                                                                                                                                                                                                                                        • StrokeAndFillPath.GDI32(?,?,00D871F7,00000000,?,?,?), ref: 00D495F0
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00D49603
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32 ref: 00D49616
                                                                                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 00D49631
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                        • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D50242: EnterCriticalSection.KERNEL32(00E0070C,00E01884,?,?,00D4198B,00E02518,?,?,?,00D312F9,00000000), ref: 00D5024D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D50242: LeaveCriticalSection.KERNEL32(00E0070C,?,00D4198B,00E02518,?,?,?,00D312F9,00000000), ref: 00D5028A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500A3: __onexit.LIBCMT ref: 00D500A9
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00DB6238
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D501F8: EnterCriticalSection.KERNEL32(00E0070C,?,?,00D48747,00E02514), ref: 00D50202
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D501F8: LeaveCriticalSection.KERNEL32(00E0070C,?,00D48747,00E02514), ref: 00D50235
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DA359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00DA35E4
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DA359C: LoadStringW.USER32(00E02390,?,00000FFF,?), ref: 00DA360A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                                        • String ID: x#$x#$x#
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1072379062-1894725482
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D50242: EnterCriticalSection.KERNEL32(00E0070C,00E01884,?,?,00D4198B,00E02518,?,?,?,00D312F9,00000000), ref: 00D5024D
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D50242: LeaveCriticalSection.KERNEL32(00E0070C,?,00D4198B,00E02518,?,?,?,00D312F9,00000000), ref: 00D5028A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D500A3: __onexit.LIBCMT ref: 00D500A9
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00DB7BFB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D501F8: EnterCriticalSection.KERNEL32(00E0070C,?,?,00D48747,00E02514), ref: 00D50202
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D501F8: LeaveCriticalSection.KERNEL32(00E0070C,?,00D48747,00E02514), ref: 00D50235
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D921D0,?,?,00000034,00000800,?,00000034), ref: 00D9B42D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00D92760
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00D9B3F8
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00D9B355
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00D92194,00000034,?,?,00001004,00000000,00000000), ref: 00D9B365
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00D92194,00000034,?,?,00001004,00000000,00000000), ref: 00D9B37B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D927CD
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D9281A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\nmy4mJXEaz.exe,00000104), ref: 00D61769
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D61834
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00D6183E
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\nmy4mJXEaz.exe
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-1762999198
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00D9C306
                                                                                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00D9C34C
                                                                                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00E01990,01036438), ref: 00D9C395
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00DCCC08,00000000,?,?,?,?), ref: 00DC44AA
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32 ref: 00DC44C7
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DC44D7
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00DB335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00DB3077,?,?), ref: 00DB3378
                                                                                                                                                                                                                                                                                                                                                                        • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DB307A
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DB309B
                                                                                                                                                                                                                                                                                                                                                                        • htons.WSOCK32(00000000,?,?,00000000), ref: 00DB3106
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00DC4705
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00DC4713
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DC471A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00DC3840
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00DC3850
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00DC3876
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00DA4A08
                                                                                                                                                                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00DA4A5C
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,00DCCC08), ref: 00DA4AD0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00DC424F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00DC4264
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00DC4271
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D36B57: _wcslen.LIBCMT ref: 00D36B6A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D92DC5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D92DD6
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92DA7: GetCurrentThreadId.KERNEL32 ref: 00D92DDD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D92DE4
                                                                                                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 00D92F78
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D92DEE: GetParent.USER32(00000000), ref: 00D92DF9
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00D92FC3
                                                                                                                                                                                                                                                                                                                                                                        • EnumChildWindows.USER32(?,00D9303B), ref: 00D92FEB
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1e6ae46e6729868b3e84bb3152860c050968d15b37d3da67d0d98c7e09fd48d8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2d8ab1d81d7e4a8210bc4608f16e7b58ed70aff8f360af340b4297fe4566159f
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e6ae46e6729868b3e84bb3152860c050968d15b37d3da67d0d98c7e09fd48d8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA1181716002066BCF147F749C89EFE776AEF94304F049075FA0D9B292DE7099498B70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DC58C1
                                                                                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DC58EE
                                                                                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32(?), ref: 00DC58FD
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5c63e6c1a0a434224ba2ac2e8dcbf7b7ad443b727adeb89843eca50a7dcd2881
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4c62a02ec9077974759f0fa3360c8fa783e6f1bdae04a43224307fba41c958e5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c63e6c1a0a434224ba2ac2e8dcbf7b7ad443b727adeb89843eca50a7dcd2881
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04015B3151021AEFDB219F11EC44FAEBBB8FB45361F1480A9F949D6261DB309A85DF31
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 061bad8f35c7b1f2d8e0a19acfdd98253492505a7c57795b6de17c7f2bdf49a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 34075b9fb1db26d24bd277a555d7fc3d827329f5db789dfedb7c176a3c54a3c6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 061bad8f35c7b1f2d8e0a19acfdd98253492505a7c57795b6de17c7f2bdf49a8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0C17C75A00216EFCB14DFA8D894EAEBBB5FF48704F248598E905EB251D731ED41CBA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8c19ff34cebc753afb7fdf1985f9fd4d7a58b899b85e583d98c2e0485abbef46
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7BA16975E007969FEB25CF28C8917AEBBF4EF66350F18416DE5859B282C2388D81C770
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7121dff690a1cfbacf909691d7e366fa7f30d0b45164656587aba2c2610c1be8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ad279e355e404b381693adaf4e3beebde8ef7c3495218dc506c0ebc925e88b45
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7121dff690a1cfbacf909691d7e366fa7f30d0b45164656587aba2c2610c1be8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AEA11575604601DFCB14DF29C485A6AB7E5FF88714F048859F98A9B362DB30EE01DBB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00DCFC08,?), ref: 00D905F0
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00DCFC08,?), ref: 00D90608
                                                                                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,00DCCC40,000000FF,?,00000000,00000800,00000000,?,00DCFC08,?), ref: 00D9062D
                                                                                                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 00D9064E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8446d717d3da0a725c093c7e381b3dcc7b84c18e6cd41ed4dff011c98933b1c3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 032f29d55b103af352b2d66c26ab3c95ce13c91b88804c4649dbf0d08d9ad0c5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8446d717d3da0a725c093c7e381b3dcc7b84c18e6cd41ed4dff011c98933b1c3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F281E875A00209EFCF04DF94C984EEEBBB9FF89315F244558E516AB250DB71AE06CB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00DBA6AC
                                                                                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00DBA6BA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00DBA79C
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00DBA7AB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D4CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00D73303,?), ref: 00D4CE8A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 475fdb5a63172710cd3fc4dc83b00baa8ebfea885c8d14bbc35137f8532e623a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 60378e1c6806c5efe71603a3101acaa1cf9fd609829abe81f200190e60181c00
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 475fdb5a63172710cd3fc4dc83b00baa8ebfea885c8d14bbc35137f8532e623a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87514C71508301AFD710EF25C886A6BBBE8FF89754F44891DF58A97251EB70D904CBB2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1719646aeee272d5dbf73c9daadbfb49433c5609521e192c62348df4ffdac3ca
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 62c08f4c0648c2fa88c1e4e12a43e97a13903799374c814ac43495cf836eab94
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1719646aeee272d5dbf73c9daadbfb49433c5609521e192c62348df4ffdac3ca
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96416C79A00210ABDF256BFC9C46ABE3AA5EF41374F28C325FC1DD7291F63488415271
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00DC62E2
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00DC6315
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00DC6382
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 648d3d4331863cfdeb37da7b80e17bdb563dcbb7e6afb538cd9dcbc4ce350d30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6cc86ea56d0680463f1dea4b6bb00ef956058b8f4936eabd79e25c2ed7ee28bc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 648d3d4331863cfdeb37da7b80e17bdb563dcbb7e6afb538cd9dcbc4ce350d30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2512C74A0024AEFCB10DF68D980EAE7BB5EF85360F18815DF9159B2A0D731ED81CB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00DB1AFD
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00DB1B0B
                                                                                                                                                                                                                                                                                                                                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00DB1B8A
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 00DB1B94
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bf6e05d168138d2b93f0f515aae27dba0b724aa3380a33c50e153b79b2ed7306
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e9fa76907b6e56d723d67749de2d058f8855024d0d57f2a495b3c1207156597a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf6e05d168138d2b93f0f515aae27dba0b724aa3380a33c50e153b79b2ed7306
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB41A078600200AFE720AF24C886F667BE5EB45718F588448FA1A9F3D2D672DD41CBB0
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7985764fbfdb1736019c6217de67a360c44d5d7d1c7c9ebb0f0189be69bb9b19
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4d8b33b693b9483532078c6dd6b2ff82a7f001143bad82afbf0c7f242f10752b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7985764fbfdb1736019c6217de67a360c44d5d7d1c7c9ebb0f0189be69bb9b19
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20412B75A00714BFD724AF38CC41BAA7BE9EB84720F10852BF546DB291D771A94187B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00DA5783
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00DA57A9
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00DA57CE
                                                                                                                                                                                                                                                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00DA57FA
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00D56D71,00000000,00000000,00D582D9,?,00D582D9,?,00000001,00D56D71,8BE85006,00000001,00D582D9,00D582D9), ref: 00D6D910
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D6D999
                                                                                                                                                                                                                                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00D6D9AB
                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D6D9B4
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D63820: RtlAllocateHeap.NTDLL(00000000,?,00E01444,?,00D4FDF5,?,?,00D3A976,00000010,00E01440,00D313FC,?,00D313C6,?,00D31129), ref: 00D63852
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00D9AAAC
                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 00D9AAC8
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00D9AB36
                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00D9AB88
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00DC5352
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00DC5375
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DC5382
                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DC53A8
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000000,00000011), ref: 00D9ABF1
                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 00D9AC0D
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000000), ref: 00D9AC74
                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,00000011), ref: 00D9ACC6
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00DC769A
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00DC7710
                                                                                                                                                                                                                                                                                                                                                                        • PtInRect.USER32(?,?,00DC8B89), ref: 00DC7720
                                                                                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 00DC778C
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00DC16EB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D93A57
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: GetCurrentThreadId.KERNEL32 ref: 00D93A5E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D925B3), ref: 00D93A65
                                                                                                                                                                                                                                                                                                                                                                        • GetCaretPos.USER32(?), ref: 00DC16FF
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00DC174C
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00DC1752
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f22de12c006f5959d3641cead01e38f13d4cd72e26c1fa5a6b8c4a3eda1344cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a1f931b36f24f7a60907c100ce80a34436e212a7ae8dd1a3b3e89a74f6090f17
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f22de12c006f5959d3641cead01e38f13d4cd72e26c1fa5a6b8c4a3eda1344cb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D313075D10249AFCB04EFA9C881DAEB7F9EF49304B5480A9E415E7252D631DE45CFB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00DC9001
                                                                                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00D87711,?,?,?,?,?), ref: 00DC9016
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00DC905E
                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00D87711,?,?,?), ref: 00DC9094
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b3079c45e2921ba91e687d891f40323b88d62ed2292dadda6849c92f75005c30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 771779d2cd32bb8302b653d5ac6ef855a12c8b0946127858a42702d6144e29dd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3079c45e2921ba91e687d891f40323b88d62ed2292dadda6849c92f75005c30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9521A135610119EFCB258F95CC68FFABBB9EF89350F044159F9059B261C3319990EB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,00DCCB68), ref: 00D9D2FB
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D9D30A
                                                                                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D9D319
                                                                                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00DCCB68), ref: 00D9D376
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1ad99a4d15d17a23913ede7014f39fa4634d2d01ce16de05207af6ce1d57e415
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c87f86b5a8d9c846cf3c66f0b4d19112a025ec0297da01f75e4c2c49a2616169
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ad99a4d15d17a23913ede7014f39fa4634d2d01ce16de05207af6ce1d57e415
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC21A170508302DF8B00DF68C88186AB7E5EF56365F544A1DF499C32A1D730D94ACBB3
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D9102A
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D91036
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D91045
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D9104C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D91062
                                                                                                                                                                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D915BE
                                                                                                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 00D915E1
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D91617
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 00D9161E
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: aa0eb1d61e919c3bbdaeb7145c237770df110134ea4c5fb7f798a6f14ecf8ef4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c23dc10379f37ea5a0443a8b36cabc4edfc0513237dc5b745012ee59161be473
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa0eb1d61e919c3bbdaeb7145c237770df110134ea4c5fb7f798a6f14ecf8ef4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0219A36E4020AEFDF10DFA4C945BEEB7B8EF44344F094459E445AB241E730AA05CBB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00DC280A
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DC2824
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DC2832
                                                                                                                                                                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00DC2840
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3a39f01e81b40fe56bf8f828626b747a3cbf582b22ca91b7e8beed3e44db3883
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2c242f66737b1a5623068a2bfabd24bfb8edd8e27898d3a0fca7c02d812d0a28
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a39f01e81b40fe56bf8f828626b747a3cbf582b22ca91b7e8beed3e44db3883
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F21B231214612AFD7149B24C884F7A77A5EF45324F14815CF516CB6E2C771EC42C7B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D98D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00D9790A,?,000000FF,?,00D98754,00000000,?,0000001C,?,?), ref: 00D98D8C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D98D7D: lstrcpyW.KERNEL32(00000000,?,?,00D9790A,?,000000FF,?,00D98754,00000000,?,0000001C,?,?,00000000), ref: 00D98DB2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D98D7D: lstrcmpiW.KERNEL32(00000000,?,00D9790A,?,000000FF,?,00D98754,00000000,?,0000001C,?,?), ref: 00D98DE3
                                                                                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00D98754,00000000,?,0000001C,?,?,00000000), ref: 00D97923
                                                                                                                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00D98754,00000000,?,0000001C,?,?,00000000), ref: 00D97949
                                                                                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00D98754,00000000,?,0000001C,?,?,00000000), ref: 00D97984
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6255c76c2b2cfa505e6bba6781fedff0858ea3f9b4fa2c99dc25f8a40e42df1d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 319a045e0b44ff3f3a1b2ec6c97f6bf75ff333c72ed7e7936f96133eda325b6b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6255c76c2b2cfa505e6bba6781fedff0858ea3f9b4fa2c99dc25f8a40e42df1d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8211E13A210302AFCF159F35D844E7A77A9FF85350B14402AF946CB2A4EB319801CBB1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00DC7D0B
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00DC7D2A
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00DC7D42
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00DAB7AD,00000000), ref: 00DC7D6B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 426aeab8f4798e9404f841a60935375e3d7ea54f9c5853c765c9663a9c840f10
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 01388d6506172ebd56bac9ead953922e98cbd5c60618585afff692998d514733
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 426aeab8f4798e9404f841a60935375e3d7ea54f9c5853c765c9663a9c840f10
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60119031614616AFCB109F29DC04FA63BA5AF45360F154728F93ADB2F0D7319991CF60

APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00DC56BB
• _wcslen.LIBCMT ref: 00DC56CD
• _wcslen.LIBCMT ref: 00DC56D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00DC5816
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 378bcc4de598e99c004729336d4062d7bb764073be95bfae1a6585bc268e908e
• Instruction ID: e34e24bd7d1b50b62ffe666e139f3d6e57275022d46a88b2791c407d762d4e54
• Opcode Fuzzy Hash: 378bcc4de598e99c004729336d4062d7bb764073be95bfae1a6585bc268e908e
• Instruction Fuzzy Hash: 9511CD3164060A96DF209B61AC85FEE37ACEB11364B14406EF955D7085EB70EAC58F70

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 48575fa20f32321a4ee57327b393c7680828da894663f9a9d1e20baadfbfa551
• Instruction ID: 8a8a25895aaa16508e1053f80993aa2cd5357093f68c9271fe11bd5307e2d1d9
• Opcode Fuzzy Hash: 48575fa20f32321a4ee57327b393c7680828da894663f9a9d1e20baadfbfa551
• Instruction Fuzzy Hash: 1001ADB6609B163FF62126796CC1F27661DDF817B8F3C0326F621A12D2DB618C015970

APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00D91A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D91A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D91A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D91A8A
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4d9f2dee350ec4a3ad13233fd872d4b370e4e20d175b8128e4a37501343f809f
• Instruction ID: 03bc655fbd8df3aa5c5a2c13cf5b4f077509a7eba8f32a739c6f0094a460a810
• Opcode Fuzzy Hash: 4d9f2dee350ec4a3ad13233fd872d4b370e4e20d175b8128e4a37501343f809f
• Instruction Fuzzy Hash: 5A110C3AD4121AFFEF11DBA5CD85FADBB78EB04750F200091E604B7290D6716E51DBA4

APIs
• GetCurrentThreadId.KERNEL32 ref: 00D9E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00D9E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00D9E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00D9E24D
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,?,00D5CFF9,00000000,00000004,00000000), ref: 00D5D218
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D5D224
                                                                                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D5D22B
                                                                                                                                                                                                                                                                                                                                                                        • ResumeThread.KERNEL32(00000000), ref: 00D5D249
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D49BB2
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00DC9F31
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00DC9F3B
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00DC9F46
                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00DC9F7A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D3604C
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00D36060
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00D3606A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 00D53B56
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D53AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00D53AD2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D53AA3: ___AdjustPointer.LIBCMT ref: 00D53AED
                                                                                                                                                                                                                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00D53B6B
                                                                                                                                                                                                                                                                                                                                                                        • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00D53B7C
                                                                                                                                                                                                                                                                                                                                                                        • CallCatchBlock.LIBVCRUNTIME ref: 00D53BA4
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00D313C6,00000000,00000000,?,00D6301A,00D313C6,00000000,00000000,00000000,?,00D6328B,00000006,FlsSetValue), ref: 00D630A5
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D6301A,00D313C6,00000000,00000000,00000000,?,00D6328B,00000006,FlsSetValue,00DD2290,FlsSetValue,00000000,00000364,?,00D62E46), ref: 00D630B1
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D6301A,00D313C6,00000000,00000000,00000000,?,00D6328B,00000006,FlsSetValue,00DD2290,FlsSetValue,00000000), ref: 00D630BF
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00D9747F
                                                                                                                                                                                                                                                                                                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00D97497
                                                                                                                                                                                                                                                                                                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00D974AC
                                                                                                                                                                                                                                                                                                                                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00D974CA
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,00D9AEB3,00000000,00000000), ref: 00D9B0C4
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00D9AEB3,00000000,00000000), ref: 00D9B0E9
                                                                                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(00D9AEB3,?,?,?,?,?,?,00D9AEB3,00000000,00000000), ref: 00D9B0F3
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,00D9AEB3,00000000,00000000), ref: 00D9B126
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D92DC5
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D92DD6
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D92DDD
                                                                                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D92DE4
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D49693
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: SelectObject.GDI32(?,00000000), ref: 00D496A2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: BeginPath.GDI32(?), ref: 00D496B9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D49639: SelectObject.GDI32(?,00000000), ref: 00D496E2
                                                                                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00DC8887
                                                                                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 00DC8894
                                                                                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 00DC88A4
                                                                                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 00DC88B2
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000008), ref: 00D498CC
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00D498D6
                                                                                                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00D498E9
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 00D498F1
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9052f6ff95fee1bce6d068c162123db88f498bc2302941c91dfbabed6a7da16a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0908a7df67145d3dc5fc88d27df45fefc89b0623da0caf9d5543b629bde7c2a3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9052f6ff95fee1bce6d068c162123db88f498bc2302941c91dfbabed6a7da16a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42E03931654782AADB215B79AC09BE93B20AB12336F189219F7BA981E1C37186409B30
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00D91634
                                                                                                                                                                                                                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,00D911D9), ref: 00D9163B
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00D911D9), ref: 00D91648
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,00D911D9), ref: 00D9164F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00D8D858
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00D8D862
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D8D882
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 00D8D8A3
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 00D8D86C
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00D8D876
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D8D882
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 00D8D8A3
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D37620: _wcslen.LIBCMT ref: 00D37625
                                                                                                                                                                                                                                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00DA4ED4
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00D5E30D
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00D4F2A2
                                                                                                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00D4F2BB
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00DB57E0
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DB57EC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f13f076079ac6d2875069317260dbae2b5a2e6439fbebd2ae40f2f7307d029ba
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: de28ae3a1f513046365568aa684d4dc362a309199bb71eeac3730e0f061c16bd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f13f076079ac6d2875069317260dbae2b5a2e6439fbebd2ae40f2f7307d029ba
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B341AC35A0020ADFCB14DFA9D881AEEBBB5FF59320F144069E506A7255E770DD81CBB0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00DAD130
                                                                                                                                                                                                                                                                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00DAD13A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: |
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 940f6aa697983986686e39d47e9f1caa059ff75baca04b769d8bb90e225b7834
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1caa9c71cc6d583c04209bcd225f037832afc4c9f9e683db429c76d6d0829aae
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 940f6aa697983986686e39d47e9f1caa059ff75baca04b769d8bb90e225b7834
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4310C71D01219ABCF15EFA4CC85AEEBFBAFF09300F104019F815A6165D735AA56DB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00DC3621
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00DC365C
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7c84ce7f29fa80867e9f804cf0e38fe7392a45f26a0d36f93c5afe71cc3bf3e8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 92c24bce31cdef77f99c07c58644b6d8ccc587f3d50298507cc9943bea2dc821
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c84ce7f29fa80867e9f804cf0e38fe7392a45f26a0d36f93c5afe71cc3bf3e8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2831AA71110205AEDB149F68CC80FFB73A9FF88720F10961DF9A997290DA31AD81DB70
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00DC461F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DC4634
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f14c7941a92e10a276953c986b3187d13fab9cf54940a71648e6ad5c397f20df
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 03fe4ffa9d7810966989f27aed55779400a950c16fbb21f3d3c24a2a694e05ed
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f14c7941a92e10a276953c986b3187d13fab9cf54940a71648e6ad5c397f20df
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81310874A0120A9FDB14CF69C990FDA7BB5FF49300F14406AE905AB395D770A941CFA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00DC327C
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DC3287
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8f4c74c53b835df9f92713433a0f0aca83bf4c8881afd1144f3508678cab8351
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f8dcfb06c1b5329756ca02468ab14b18dba84f2344c04cdb6e7263eba955fcbd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f4c74c53b835df9f92713433a0f0aca83bf4c8881afd1144f3508678cab8351
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C11E27130020A7FEF259F94DC80FBB776AEB94364F148128F9189B290D631DD518770
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D3604C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: GetStockObject.GDI32(00000011), ref: 00D36060
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D3606A
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00DC377A
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00DC3794
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e6ad2bffbf5c9d2bfd2a8ad7a8b474eb708892b2bc7e1aff359d3fcdf7e0f358
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9df881e9d2f37683fd20f9e779ae53e8c70a5a461cd31dc13fd7021030f1cfc1
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6ad2bffbf5c9d2bfd2a8ad7a8b474eb708892b2bc7e1aff359d3fcdf7e0f358
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75113AB261020AAFDF01DFA8CC46EEA7BF8FB08314F045518F955E3250D775E9519B60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00DACD7D
                                                                                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00DACDA6
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                        • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 46bb508ad7a6f458fe28dac97f717c875bcc3e9300b61a349f236cdef294efca
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 776c0dce2c6ce5c38a03246978b5d1fba3247122ba5838f51129540bb118562f
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46bb508ad7a6f458fe28dac97f717c875bcc3e9300b61a349f236cdef294efca
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1811CE71225636BADB384B668C89EF7BEACEF137B4F00522AB15983180D7749841D6F0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00DC34AB
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00DC34BA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?), ref: 00D96CB6
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00D96CC2
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00D91D4C
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00D91C46
                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00D91CC8
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00D39CB3: _wcslen.LIBCMT ref: 00D39CBD
  • Part of subcall function 00D93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D93CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00D91DD3
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E03018,00E0305C), ref: 00DC81BF
• CloseHandle.KERNEL32 ref: 00DC81D1
Strings
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0
• API String ID: 3712363035-3218720685
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00D90B23
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D4F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00D50D71,?,?,?,00D3100A), ref: 00D4F7CE
                                                                                                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00D3100A), ref: 00D50D75
                                                                                                                                                                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00D3100A), ref: 00D50D84
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D50D7F
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D4E3D5
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0%$8%
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-2949748613
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 64776c0a828a90f47da70132b3769d81a502b2fb3245cc537926101c96d00164
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: dff491b3c5334f7d5c45fde9ec5b3a512beb1b12677def9d5b7faa7a07f8e8e0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64776c0a828a90f47da70132b3769d81a502b2fb3245cc537926101c96d00164
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4E02631400A10DFCA06AB19BC5DE8833D1FB49322F1091ACFB02A71D19B3228C5867F
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00DA302F
                                                                                                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00DA3044
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                        • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c59f62e011449717d3d9bf990386c987eb70f375817854e4a91584d5a310fcfb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9e90703f7ed87ca44374bdf2dd4cb7d7df3897707880b55850e709b0c1cac958
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c59f62e011449717d3d9bf990386c987eb70f375817854e4a91584d5a310fcfb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9D05E725003296BDA20E7A4AC0EFDB7A6CDB05750F0002A1B759E2191DAB0D984CAE4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DC236C
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000), ref: 00DC2373
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9E97B: Sleep.KERNEL32 ref: 00D9E9F3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 632a124013cb152336ed5990bf82caac338efb5659c373a885f97452eb279ef5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 671b01ebcb11f4704cb0cef16e4e0dd9091ebc03b6cd0f29dc7dd9ed67b5759a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 632a124013cb152336ed5990bf82caac338efb5659c373a885f97452eb279ef5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95D0C9327E13127AE664B7719C0FFC666149B04B14F115916B74AEA2E0C9A4A8458A74
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DC232C
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00DC233F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00D9E97B: Sleep.KERNEL32 ref: 00D9E9F3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
• Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6ed8bfc1ef47cdccd27c39b72a21ccfe28f4aa26b60e7a9f6aeb14b3a732aca2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: abbaf728a4fea1efe8ca3f7c1fb06df032873f96260d110e9721b2bb287a9591
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ed8bfc1ef47cdccd27c39b72a21ccfe28f4aa26b60e7a9f6aeb14b3a732aca2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6ED0A9327A0312BAE664B3309C0FFC66A049B00B00F004906B30AEA2E0C8A0A8018A30
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00D6BE93
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D6BEA1
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D6BEFC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1762947545.0000000000D31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1762908994.0000000000D30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763054562.0000000000DF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763138035.0000000000DFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1763171823.0000000000E04000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d30000_nmy4mJXEaz.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 99fcb4c5410ce081932ea322579474dd2de52e9baf93790cb589381a0a795706
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e47040c2f6e52c4861fbef360074ad51f79d49c580b5e458c912408057f92b44
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99fcb4c5410ce081932ea322579474dd2de52e9baf93790cb589381a0a795706
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F541C335604206AFCF218FA5CC54AAA7BA5EF41330F18416AFD59DB2B1DB328D81CB70